Virut botnet takedown sinkholes 23 domains

By
Follow google news

Polish cyber security experts seized domains.

Polish cyber security experts seized domains behind the Virut botnet over the weekend.

Virut botnet takedown sinkholes 23 domains

Control of the 23 .pl domains was mastered by Polish registrar Nask, with the Polish computer emergency readiness team (CERT) assuming control of redirected traffic from the domains.

“Since 2006, Virut has been one of the most disturbing threats active on the internet," Cert Polska said.

"Interestingly, Virut's main distribution vector is executable file infection, and most users would get infected by using removable media or sharing files over networks. However, more recent versions of the malware have been capable of infecting HTML files, injecting an invisible iFrame that would download Virut from a remote site.

Infected computers would connect to an IRC server controlled by the attacker and receive instructions to download and run arbitrary executable files without owner's knowledge.

Symantec's threat report said that Virut controlled 300,000 machines, while Kaspersky Lab said that Virut was responsible for 5.5 per cent of malware infections in the third quarter of 2012.

Symantec security response Denis Carmody said that Virut was downloading variants of the Waledac worm onto compromised PCs adding the number of computers infected with W32.Waledac.D continues to increase.

Cert Polska said that among the sinkholed 23 domain names were two websites that were broadly associated not just with Virut but also with the Zeus Trojan.

Paul Ducklin, head of technology for Sophos Asia Pacific, said: “So taking over some or all of those servers can make a big difference, at least temporarily, to the crooks' ability to operate their botnets.

“Every infected PC that crooks can no longer send on a criminal mission represents lost opportunity and lost revenue, and that hits them where it hurts: the pocket.”

This article originally appeared at scmagazineuk.com

Add iTnews as your trusted source

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, UK edition
Tags:

Most Read Articles

Microsoft device telemetry key to unmasking alleged Scattered Spider hacker

Microsoft device telemetry key to unmasking alleged Scattered Spider hacker

Bendigo Bank aims to have Australia's "first agentic SOC"

Bendigo Bank aims to have Australia's "first agentic SOC"

Services Australia describes fraud, debt-related machine learning use cases

Services Australia describes fraud, debt-related machine learning use cases

ASD to retire Essential Eight cyber security framework within next two years

ASD to retire Essential Eight cyber security framework within next two years

Log In

  |  Forgot your password?