AOH :: ISNQ6573.HTM

Botnet with 60GB of stolen data cracked wide open

Botnet with 60GB of stolen data cracked wide open
Botnet with 60GB of stolen data cracked wide open


http://www.theregister.co.uk/2010/08/02/mumba_botnet_infiltrated/ 

By Dan Goodin in San Francisco
The Register
2nd August 2010

Researchers have cracked open a botnet that amassed more than 60GB of 
passwords and other stolen data, even as it cloaked itself using a 
state-of-the-art technique known as fast flux.

When its command-and-control server was infiltrated, the Mumba botnet 
had snagged more than 55,000 PCs, according to the researchers from 
anti-virus provider AVG. The data-stealing operation is the work of the 
notorious Avalanche Group, a criminal operation that was responsible for 
two-thirds of all phishing attacks in the second half of 2009, according 
to a report earlier this year from the Anti-Phishing Working Group.

.These criminals are some of the most sophisticated on the internet, and 
have perfected a mass-production system for deploying phishing sites and 
'crimeware,'. AVG wrote in a report issued Monday. .This means that 
mitigating the threat by going after the servers hosting the data using 
the 'Mumba' botnet is now much harder than before..

Most botnet command-and-control channels run on compromised webservers 
or web-hosting services designed for criminals, making it possible to 
dismantle the network by taking down the central server. Mumba, by 
contrast, makes use of fast-flux technology, in which the operations are 
carried out on thousands of compromised PCs. That allows the IP address 
and host machine to change every few minutes, a measure that frequently 
foils takedown attempts by researchers and law enforcement.

[...]


--
Visit InfoSec News!
http://www.infosecnews.org/

Site design & layout copyright © 1986- CodeGods