Security News
The U.S. Department of Justice announced today that Federal Bureau of Investigation took down the network and infrastructure of a botnet proxy service called IPStorm. IPStorm enabled cybercriminals to run malicious traffic anonymously through Windows, Linux, Mac, and Android devices all over the world.
The FBI says it has dismantled another botnet and collared its operator, who admitted hijacking tens of thousands of machines around the world to create his network of nodes. Sergei Makinin, a Russian and Moldovan national, was cuffed in Florida in January and sent to Puerto Rico, where he pleaded guilty [PDF] in September, details of which were only publicized today by the US Department of Justice.
Publicly-accessible Docker Engine API instances are being targeted by threat actors as part of a campaign designed to co-opt the machines into a distributed denial-of-service botnet dubbed OracleIV. "Attackers are exploiting this misconfiguration to deliver a malicious Docker container, built from an image named 'oracleiv latest' and containing Python malware compiled as an ELF executable," Cado researchers Nate Bill and Matt Muir said. The malicious activity starts with attackers using an HTTP POST request to Docker's API to retrieve a malicious image from Docker Hub, which, in turn, runs a command to retrieve a shell script from a command-and-control server.
The unexpected drop in malicious activity connected with the Mozi botnet in August 2023 was due to a kill switch that was distributed to the bots. "First, the drop manifested in India on August...
The Mozi botnet has all but disappeared according to security folks who first noticed the prolific network's slowdown and then uncovered a kill switch for the IoT system. Then this August, the criminal network's activity took "a sudden and unanticipated nosedive," according to ESET Research, which on Wednesday said its team found an activated kill switch to "Put the IoT zombie botnet in its grave."
Mozi malware botnet activity faded away in August after a mysterious unknown party sent a payload on September 27, 2023, that triggered a kill switch to deactivate all bots. Mozi is a well-known DDoS malware botnet that emerged in 2019, primarily targeting IoT devices such as routers, digital video recorders, and other internet-connected gadgets.
The infamous Mirai botnet was spotted by researchers who say it is spinning up again, this time with an "Aggressively updated arsenal of exploits." It's the first major update to the IZ1H9 Mirai variant in months and arrives bolstered with tools to break into devices from D-Link and Zyxel, among others.
An ad fraud botnet dubbed PEACHPIT leveraged an army of hundreds of thousands of Android and iOS devices to generate illicit profits for the threat actors behind the scheme. The botnet is part of...
The P2PInfect botnet worm is going through a period of highly elevated activity volumes starting in late August and then picking up again in September 2023. Cado says the latest P2PInfect samples feature additions and improvements that make it more capable of spreading to targets and showcase the continuous development of the malware.
A Mirai botnet variant called Pandora has been observed infiltrating inexpensive Android-based TV sets and TV boxes and using them as part of a botnet to perform distributed denial-of-service attacks. Doctor Web said the compromises are likely to occur either during malicious firmware updates or when applications for viewing pirated video content are installed.