By Dan Goodin in San Francisco
2nd August 2010
Researchers have cracked open a botnet that amassed more than 60GB of
passwords and other stolen data, even as it cloaked itself using a
state-of-the-art technique known as fast flux.
When its command-and-control server was infiltrated, the Mumba botnet
had snagged more than 55,000 PCs, according to the researchers from
anti-virus provider AVG. The data-stealing operation is the work of the
notorious Avalanche Group, a criminal operation that was responsible for
two-thirds of all phishing attacks in the second half of 2009, according
to a report earlier this year from the Anti-Phishing Working Group.
.These criminals are some of the most sophisticated on the internet, and
have perfected a mass-production system for deploying phishing sites and
'crimeware,'. AVG wrote in a report issued Monday. .This means that
mitigating the threat by going after the servers hosting the data using
the 'Mumba' botnet is now much harder than before..
Most botnet command-and-control channels run on compromised webservers
or web-hosting services designed for criminals, making it possible to
dismantle the network by taking down the central server. Mumba, by
contrast, makes use of fast-flux technology, in which the operations are
carried out on thousands of compromised PCs. That allows the IP address
and host machine to change every few minutes, a measure that frequently
foils takedown attempts by researchers and law enforcement.
Visit InfoSec News!