Even Botnets Go on Holidays!

The attack model based on botnet-generated Distributed Denials of Service is opportunistic. The botmaster selects a target, gathers as many resources as possible among his army of zombie machines, and when he realizes to have achieved enough firepower, simply selects a target and pushes the attack button. After this the target is inevitably flooded by packets generated by the bots, while the unaware owners of the zombie machines perform their normal work or fun activities with their infected computers.... Read More

Value Added Distributors of Botnets

Cyber Crime, and in particular botmasters, never cease to amaze. If you were (not so much) surprised in discovering the compromised supply chain behind the Nitol Botnet (that allowed Chinese manufacturers to sell compromised computers pre-installed with the botnet), you’d better have a look at the ZeroAccess Botnet, which has recently been analyzed by Sophos.... Read More

The Cyber Battle in Middle East Continues…

In the last wave, Yourikan has taken down 106 Iranian sites, defacing them with a message against the Nuclear Strategy of Iran.

He also claims to have deleted the backend databases.

This is only the latest occurrence of the mutual attacks between the two cyber factions. My sixth sense and one half tells me that more are to come…

read more

1-15 September 2012 Cyber Attacks Timeline

Here it is the usual compilation for the Cyber Attacks in the first half of September, a period which has apparently confirmed the revamping of hacktivism seen in August.

Several operations such as #OpFreeAssange (in support of Julian Assange), #OpTPB2 against the arrest of The Pirate Bay Co-Founder Gottfrid Svartholm Warg, and #OpIndipendencia in Mexico have characterized the first half of September. Curiously the hacktivists have also characterized this period for a couple of controversial events: the alleged leak of 1 million of UDIDs from FBI (later proven to be fake) and the alleged attack to GoDaddy (later proven to be a network issue, that is the reason why I not even mentioned it in this timeline). Other actions motivated by hacktivists have been carried on by Pro-Syrian hackers.

read more

The Botnet Factory

Probably there’s something more in the Next Step Of Botnets besides BlackHole 2.0 and Tor C&C mentioned in my previous post. I mentioned the takedown of the Nitol Botnet by Microsoft as one of the most important infosec events of the last week, but I forgot to mention one important aspect related to this event: the malware supply chain.... Read More

The Next Step of Botnets

[caption id="attachment_8073" align="alignright" width="275"] A BlackHole (Exploit Kit) absorbing an Onion (Ring), the future of Botnets?[/caption]

This information security week has offered many interesting points: the brand new CRIME attack against SSL/TLS, the release of BlackHole Exploit Kit 2.0 that promises new stealth vectors of Drive-By download infections, the takedown of the emerging Nitol botnet by Microsoft, and, last but not least, the first (?) known example of a new generation of a C&C Server leveraging the anonymization granted by Tor Service.... Read More