BackDoor Botnet Taken Over

Tuesday, April 9, 2013 @ 04:04 PM gHale


A botnet that in its prime infected over 100 computers per hour is now under the control of Russian antivirus company Doctor Web.

The firm gained control of BackDoor.Bulknet.739 from its developers, company officials said.

“Doctor Web’s analysts managed to hijack a server used to control the BackDoor.Bulknet.739 botnet and gathered statistics. As of 5 April, over 7,000 bots were connected to the server,” the company said.

The campaign spread itself using malicious spam messages sent automatically from any machine caught up in the zombie network.

“The Trojan facilitates the sending of massive volumes of spam from infected computers. BackDoor mainly targets machines located in Italy, France, Turkey, the USA, Mexico and Thailand,” wrote a Doctor Web researcher.

The firm reported that at its peak the tactic was hugely successful, leading to 100 infections per hour.

Researchers initially uncovered the campaign late in 2012 and have tied it to numerous mass mailing scams.

“The first time BackDoor drew the interest of Doctor Web’s analysts was in October 2012. They discovered the Trojan connected computers into botnets and was enabling criminals to carry out mass spam mailings,” the researchers said.

Doctor Web reported that Microsoft’s Windows XP and Windows 7 operating systems were affected the most, accounting for 42 percent and 52 percent of the known infections respectively.

The botnet’s high success rate is symptomatic of a wider escalation in the complexity and ingenuity of cyber criminals’ attack tools and strategies.


