One More Botnet Crashes and Burns

Thursday, July 7, 2011 @ 04:07 PM gHale


One more botnet went down as security experts work toward shutting down a modified Palevo version whose creators now face charges after their arrest last week in Europe.

This new botnet affects computers in over 172 countries, including the U.S., Russia, Brazil, China, UK and Iran, according to Unveillance, a security firm involved in the effort.

The malware powering the botnet is a variant of Palevo, a computer worm that spreads by exploiting Windows vulnerabilities, copying itself to removable storage devices and network shares, as well as sending itself over instant messaging and p2p file sharing networks.

Palevo, also known as Pilleuz or Rimecud, was also responsible for the Mariposa (Butterfly) botnet taken down by Spanish authorities in March 2010. At the time, officials considered the botnet the largest in the world.

In July the same year, the Slovenian Criminal Police arrested an individual suspected of being the lead developer behind Palevo; however, the worm made a comeback late last year.

Security researchers from Trend Micro said in May that Palevo’s activity is as strong as it was before Mariposa went down. This was likely the result of the new botnet that Unveillance was tracking.

The law enforcement action in Europe last week ended with the arrest of a man from Banja Luka, Bosnia, and one from Slovenia. Police said the two operated the botnet in an effort to steal money from the bank accounts of people worldwide.


