Thursday, June 17, 2021

Researchers weaken Virut botnet

Security researchers were able to decommission a number of domain names used by cyber crook s to load the Virut malware into computers, according to international non-profit, anti-spam organization The Spamhous Project Ltd.

Spamhous said the Virut botnet has been dropping the ZeuS , e-banking Trojan and the Kehilios spambot onto Virut infected computers as part of the crime ring’s “Pay Per Install” business model where other cyber criminals pay the Virut botmasters to install their own virus on Virut-infected machines.

Spamhouse worked with the Polish Computer Emergency Response Team (CERT.pl), NASK, the home.pl domain registrar and Group-IB a Russian information security firm in the crackdown.

“NASK has taken over multiple domain names used for criminal activities, making their further usage for illegal purposes impossible,” CERT Poland said in a statement on its Web site. “The domain names were used to spread and control a dangerous malware known as ‘Virut’.”

Virut has been one of the most “disturbing threats” in the Internet since 2006, according to CERT.

RELATED CONTENT

Malware targets Java HTTP servers
Mass mailers, Trojans continue to appear in malware

Spamhous said Virut is a worm that typically spreads through removable drives such as USB sticks and network shares but can also proliferate via file infection. It is estimated to have infected no less than 300,000 computers.

Among the domain names used by cyber criminals to distribute Virut are “mainly within the .pl ccTLD (poland), but also within the .ru ccTLD (Russia) and the .at ccTLD (Austria),” said Spamhous in a statement. “These domains are registered by the operators of Virut to control the botnet.”

Read the rest of Spamhous’ report here

 

Would you recommend this article?

0
0

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication. Click this link to send me a note →

Jim Love, Chief Content Officer, IT World Canada

Related Tech News