botnet

Previously assessed as insignificant, DirtyMoe botnet infected over 100,000 Windows systems

The developers of the DirtyMoe botnet (previously assessed as insignificant) added a worm-like spreading module to it, after which the malware infected more than 100,000 Windows systems. The DirtyMoe botnet, allegedly run from China, has grown exponentially over the past year: in 2020 it consisted of 10 thousand infected systems, while in the first half of this year it already included 100 thousand. The DirtyMoe botnet, also known as PurpleFox, Perkiler and NuggetPhantom, has been known since 2017. Its main purpose was (and still is) infecting Windows systems in order to mine cryptocurrency without the victims' knowledge, although in 2018 a DDoS attack function was also discovered in it. For most of this time, the botnet …

TeamTNT mining botnet infected over 50,000 systems in three months

Trend Micro warns that since March 2021, the TeamTNT mining botnet, run by the group of the same name, has successfully compromised more than 50,000 systems. The TeamTNT group has been active since at least April 2020 and started with attacks on incorrectly configured Docker installations, infecting them with miners and bots for DDoS attacks. It later became known that the hackers slightly changed their tactics: they began to attack Kubernetes, and also began to search for Amazon Web Services credentials on the infected servers and steal them. In addition, there have now been recorded cases of the hackers posting malicious images to Docker Hub, and researchers have discovered that the group is using the Weave Scope tool in their attacks, designed to …

Prometei botnet attacks vulnerable Microsoft Exchange servers

Since the patches for the ProxyLogon vulnerabilities still have not been installed everywhere, cybercriminals continue their activity; for example, the updated Prometei botnet attacks vulnerable Microsoft Exchange servers. Researchers from Cybereason Nocturnus discovered the Prometei malware, which mines Monero cryptocurrency on vulnerable machines. In early March 2021, Microsoft engineers released unscheduled patches for four vulnerabilities in the Exchange mail server, which the researchers collectively named ProxyLogon (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065). These vulnerabilities can be chained together and exploited to allow an attacker to authenticate on the Exchange server, gain administrator rights, install malware and steal data. In early March 2021, attacks on vulnerable servers were carried out by more than 10 hack groups, deploying web shells, miners and ransomware on the servers. According …

DreamBus botnet attacks corporate applications on Linux servers

Zscaler analysts reported on the new DreamBus botnet, which attacks corporate applications on Linux servers. It is a variation of the SystemdMiner malware that appeared back in 2019. DreamBus has received a number of improvements over SystemdMiner. For example, the botnet mainly targets enterprise applications running on Linux systems, including PostgreSQL, Redis, Hadoop YARN, Apache Spark, HashiCorp Consul, SaltStack and SSH. Some of them are attacked by brute force, with the malware trying default credentials, while others are attacked with exploits for old vulnerabilities. The main task of DreamBus is to allow its operators to gain a foothold on the server so that they can download and install an open source miner for mining the Monero cryptocurrency (XMR). …

PgMiner botnet attacks poorly protected PostgreSQL DBs

Palo Alto Networks has discovered the PgMiner botnet, which attacks and breaks into poorly protected PostgreSQL DBs in order to install miners. This new Linux-based cryptocurrency mining botnet exploits a PostgreSQL remote code execution (RCE) vulnerability to compromise database servers for cryptojacking. Cryptojacking (or simply malicious coin mining) is a common way for malware authors to monetize their operations. Palo Alto Networks named the new cryptocurrency mining botnet “PGMiner” after its delivery channel and mining mode. The PgMiner botnet operates according to a scheme well known and well established among criminals: it randomly selects a range of IP addresses (for example, 18.xxx.xxx.xxx) and then enumerates the whole range looking for systems with an open port 5432 (PostgreSQL). PostgreSQL is one of …

KashmirBlack botnet is behind attacks on popular CMS including WordPress, Joomla and Drupal

Researchers from Imperva have found that the KashmirBlack botnet, active since the end of 2019, is behind attacks on hundreds of thousands of websites powered by popular CMS, including WordPress, Joomla, PrestaShop, Magento, Drupal, vBulletin, osCommerce, OpenCart and Yeager. As a rule, the botnet uses the servers of infected resources to mine cryptocurrency, redirects legitimate traffic to spam sites, uses hacked sites to attack other resources and maintain its activity, and sometimes even defaces them. The researchers state that KashmirBlack is currently operated from one C&C server, but uses more than 60 servers (mostly compromised resources) in its infrastructure. The main distribution method for KashmirBlack is to scan the Internet in search of sites that are running outdated software. …

P2P botnet Interplanetary Storm comprises more than 9,000 devices

Bitdefender experts have given a detailed description of the workings of the P2P botnet Interplanetary Storm (aka IPStorm), which uses infected devices as proxies. According to the researchers, the botnet includes more than 9,000 hosts (according to other sources, the number of infected devices exceeds 13,500), the vast majority of which are running Android, with about one percent running Linux and Darwin. “These are various routers, NAS, UHD receivers, multifunctional boards (for example, Raspberry Pi) and other IoT devices. Most of the infected devices are located in Hong Kong, South Korea and Taiwan,” the researchers said. The researchers write that the purpose of the botnet can be guessed from the specialized nodes that are part of the malware’s control …

IPStorm botnet now attacks Android, macOS and Linux devices

Anomali specialists first noticed IPStorm in June 2019, when it attacked only Windows machines. Now it has begun to attack devices running Android, macOS and Linux. Previously, the botnet included about 3,000 infected systems, but even then the researchers discovered several strange and interesting features that were unique to IPStorm. For example, the full name of the malware, InterPlanetary Storm, comes from the InterPlanetary File System (IPFS), a P2P protocol that the malware used to communicate with infected systems and transmit commands. “In addition, IPStorm was written in the Go language, and although no one is surprised by malware in this language, in 2019 this was not so widespread, which made IPStorm a rather exotic …

Twitter and Graphika neutralized Dracula propaganda botnet

Experts from the Graphika research group described how they managed to find and neutralize the Dracula botnet on Twitter. It consisted of about 3,000 bots that spread pro-Chinese political spam and repeated official messages published through government accounts. The botnet was discovered thanks to a rather exotic quirk of its creators: the vast majority of bot accounts used quotes from Bram Stoker’s Dracula for their first two tweets, as well as for the profile description. That is how the botnet got its name. “Not all the suspect accounts in the network had bios at all, but all those which did used incomplete quotes from Dracula. Adding to the impression that the network had been automated to bleed …

Prometei botnet uses SMB for distribution

Cisco Talos has discovered a new botnet, Prometei, which has been active since March 2020 and is focused on mining the Monero (XMR) cryptocurrency. The researchers note that the Prometei botnet intensively uses the SMB protocol for distribution. The malware mainly attacks users in the USA, Brazil, Pakistan, China, Mexico and Chile. During four months of activity, the botnet operators “earned” about $5,000, that is, an average of about $1,250 per month. Do you know who else is focused on mining Monero and juggles a variety of exploits? Lucifer! (Don’t be alarmed: that is the name of a piece of malware.) “The malware uses several techniques for distribution, including LOLbins (living off the land) to use legitimate Windows processes to execute malicious code (including PsExec and …

8 Signs Your PC Might Be a Botnet and How To Remove It

Botnet attacks have been around for a long time but are becoming increasingly sophisticated. In recent years there have been several high-profile cases that illustrate the power of botnets. Through the global ‘Pony’ botnet attack, for instance, criminals stole about $220,000 in bitcoins and other digital currencies. And a large botnet recently infected Internet-connected home appliances, including refrigerators, to send out more than 750,000 malicious emails. Here’s the really scary part: your computer could be part of a botnet, and you might not even be aware of it. And if your PC doesn’t have antivirus protection and a two-way firewall, you have just increased the chance that your PC could be part of a botnet. Here are 8 signs your …

How to understand that your system is infected? Be alert!

The Internet hosts a huge number of malicious programs and viruses that can affect a computer in a variety of ways. Some destroy your files, others use your data on sites you do not know, spread to other systems using your email program, or even destroy everything on the hard drive. An infection can be hidden in pictures, links to them, greeting cards, sound and video files. In addition, viruses can be “picked up” from the Internet along with unlicensed software or other files and programs. But how can you tell that there is a virus in the system? What are its signs?
Unexpected failures
Unstable operation of the system is hard not to notice. It happens once, …

The danger of botnet network

The word “botnet” is now very widespread and almost all users know what it means. This is not surprising, because a member of such a network can be virtually any device with Internet access. Such a network can include many devices: a desktop computer, a smartphone or a home Wi-Fi router. Any of them may one day become a weapon in the hands of cybercriminals. What is a botnet, why is it dangerous, and how do you keep criminals from taking control of your devices? We will answer all these questions in this post. What is a botnet? A botnet consists of devices with Internet access that have been infected with malware and whose control has passed into the wrong hands without the user’s knowledge. This happens …