Botnet with 60GB of stolen data cracked wide open

By Dan Goodin in San Francisco
The Register
2nd August 2010

Researchers have cracked open a botnet that amassed more than 60GB of 
passwords and other stolen data, even as it cloaked itself using a 
state-of-the-art technique known as fast flux.

When its command-and-control server was infiltrated, the Mumba botnet 
had snagged more than 55,000 PCs, according to the researchers from 
anti-virus provider AVG. The data-stealing operation is the work of the 
notorious Avalanche Group, a criminal operation that was responsible for 
two-thirds of all phishing attacks in the second half of 2009, according 
to a report earlier this year from the Anti-Phishing Working Group.

"These criminals are some of the most sophisticated on the internet, and 
have perfected a mass-production system for deploying phishing sites and 
'crimeware,'" AVG wrote in a report issued Monday. "This means that 
mitigating the threat by going after the servers hosting the data using 
the 'Mumba' botnet is now much harder than before."

Most botnet command-and-control channels run on compromised webservers 
or web-hosting services designed for criminals, making it possible to 
dismantle the network by taking down the central server. Mumba, by 
contrast, makes use of fast-flux technology, in which the operations are 
carried out on thousands of compromised PCs. That allows the IP address 
and host machine to change every few minutes, a measure that frequently 
foils takedown attempts by researchers and law enforcement.
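
The rotation described above leaves a visible trace in DNS: one name resolving to many short-lived addresses spread across unrelated networks. The following is an added example, not part of the original article or AVG's report; it scores passive-DNS observations for that pattern, and the sample rows, domain names and thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

def build_sample():
    """Constructed passive-DNS rows: (unix_time, domain, A-record IP, TTL)."""
    obs = []
    # Ordinary site: one address, one-hour TTL, seen every 10 minutes.
    for i in range(6):
        obs.append((i * 600, "static.example", "192.0.2.10", 3600))
    # Flux-like name: a different address every 3 minutes, 180-second TTL.
    for i in range(20):
        prefix = ("192.0.2", "198.51.100", "203.0.113")[i % 3]
        obs.append((i * 180, "flux.example", f"{prefix}.{50 + i}", 180))
    return obs

def flux_report(observations, window=3600, min_ips=10, max_ttl=300, min_nets=3):
    """Summarise each domain's A-record churn and flag flux-like behaviour.

    Thresholds are illustrative assumptions, not values from the article.
    """
    per_domain = defaultdict(list)
    for ts, domain, ip, ttl in observations:
        per_domain[domain].append((ts, ip, ttl))
    report = {}
    for domain, rows in per_domain.items():
        rows.sort()
        start = rows[0][0]
        rows = [r for r in rows if r[0] - start <= window]
        ips = {ip for _, ip, _ in rows}
        # /24 prefix as a crude stand-in for "different networks".
        nets = {ip.rsplit(".", 1)[0] for ip in ips}
        ttl_med = median(ttl for _, _, ttl in rows)
        # Seconds between consecutive answers that returned a new address.
        gaps = [b[0] - a[0] for a, b in zip(rows, rows[1:]) if a[1] != b[1]]
        report[domain] = {
            "distinct_ips": len(ips),
            "distinct_nets": len(nets),
            "median_ttl": ttl_med,
            "mean_change_gap": sum(gaps) / len(gaps) if gaps else None,
            "suspect": len(ips) >= min_ips and len(nets) >= min_nets
                       and ttl_med <= max_ttl,
        }
    return report

if __name__ == "__main__":
    for name, row in flux_report(build_sample()).items():
        print(name, row)
```

Legitimate CDNs and round-robin pools also rotate addresses with short TTLs, so a flagged name is a lead for analyst review rather than a verdict.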
