http://www.theregister.co.uk/2010/08/02/mumba_botnet_infiltrated/

By Dan Goodin in San Francisco
The Register
2nd August 2010

Researchers have cracked open a botnet that amassed more than 60GB of passwords and other stolen data, even as it cloaked itself using a state-of-the-art technique known as fast flux.

When its command-and-control server was infiltrated, the Mumba botnet had snagged more than 55,000 PCs, according to the researchers from anti-virus provider AVG. The data-stealing operation is the work of the notorious Avalanche Group, a criminal operation that was responsible for two-thirds of all phishing attacks in the second half of 2009, according to a report earlier this year from the Anti-Phishing Working Group.

"These criminals are some of the most sophisticated on the internet, and have perfected a mass-production system for deploying phishing sites and 'crimeware,'" AVG wrote in a report issued Monday. "This means that mitigating the threat by going after the servers hosting the data using the 'Mumba' botnet is now much harder than before."

Most botnet command-and-control channels run on compromised webservers or web-hosting services designed for criminals, making it possible to dismantle the network by taking down the central server. Mumba, by contrast, makes use of fast-flux technology, in which the operations are carried out on thousands of compromised PCs. That allows the IP address and host machine to change every few minutes, a measure that frequently foils takedown attempts by researchers and law enforcement.

[...]

--
Visit InfoSec News!
http://www.infosecnews.org/

Received on Wed Aug 04 2010 - 00:31:47 PDT