Security News

Microsoft and Other Tech Companies Take Down TrickBot Botnet
2020-10-13 10:44

Days after the US Government took steps to disrupt the notorious TrickBot botnet, a group of cybersecurity and tech companies has detailed a separate coordinated effort to take down the malware's back-end infrastructure. Microsoft and its partners analyzed over 186,000 TrickBot samples, using it to track down the malware's command-and-control infrastructure employed to communicate with the victim machines and identify the IP addresses of the C2 servers and other TTPs applied to evade detection.

Microsoft on the counter­attack! Trickbot malware network takes a hit
2020-10-12 21:03

These were servers that Microsoft had tied back to the operation of a large, long-lived and destructive zombie network known as Trickbot. Sadly, we've had to write about Trickbot many times over the years, as the criminals behind the operation have spammed out wave after wave of deviously constructed emails under a wide variety of guises, all with the ultimate goal of infecting as many victims as possible with zombie malware.

Microsoft and chums use US trademark law to trash Trickbot malware network
2020-10-12 18:30

An order granted by the US District Court for Eastern Virginia authorised Microsoft and chums to "Disable the IP addresses, render the content stored on the command and control servers inaccessible, suspend all services to the botnet operators, and block any effort by the Trickbot operators to purchase or lease additional servers." Jean-Ian Boutin, head of threat research, said: "Over the years we've tracked it, Trickbot compromises have been reported in a steady manner, making it one of the largest and longest-lived botnets out there. Trickbot is one of the most prevalent banking malware families, and this malware strain represents a threat for internet users globally."

Tech Companies Take Down TrickBot Botnet Infrastructure
2020-10-12 14:04

Microsoft on Monday revealed that it worked together with industry partners to shut down the infrastructure used by TrickBot operators and block efforts to revive the botnet. The Washington Post reported last week that the U.S. Cyber Command too attempted to hack TrickBot's C&C servers, in an attempt to take the botnet down to prevent attacks seeking to disrupt the U.S. presidential elections.

Microsoft and partners cut off key Trickbot botnet infrastructure
2020-10-12 13:51

"We disrupted Trickbot through a court order we obtained as well as technical action we executed in partnership with telecommunications providers around the world. We have now cut off key infrastructure so those operating Trickbot will no longer be able to initiate new infections or activate ransomware already dropped into computer systems," shared Tom Burt, corporate VP, Customer Security and Trust, Microsoft. "In recent times, Trickbot has been implicated in targeted ransomware attacks, where credentials stolen by the malware were used by the Ryuk ransomware operators to compromise victims' networks and encrypt all accessible computers. This assessment has been confirmed by Europol, which recently noted that 'the relationship between Emotet , Ryuk and Trickbot is considered one of the most notable in the cybercrime world'," Symantec researchers noted.

Microsoft Uses Trademark Law to Disrupt Trickbot Botnet
2020-10-12 12:52

Microsoft Corp. has executed a coordinated legal sneak attack in a bid to disrupt the malware-as-a-service botnet Trickbot, a global menace that has infected millions of computers and is used to spread ransomware. A court in Virginia granted Microsoft control over many Internet servers Trickbot uses to plunder infected systems, based on novel claims that the crime machine abused the software giant's trademarks.

TrickBot botnet targeted in takedown operations, little impact seen
2020-10-12 07:00

The Trickbot operation started hitting serious snags towards the end of September when enslaved computers received an update that cut them off from the botnet by changing the command and control server address to 127.0.0.1. On October 10, The Washington Post reported that the U.S. Cyber Command carried out a campaign seeking to disrupt the Trickbot botnet ahead of the presidential elections.

TrickBot botnet targeted in takedown operations, no impact seen
2020-10-12 07:00

The Trickbot operation started hitting serious snags towards the end of September when enslaved computers received an update that cut them off from the botnet by changing the command and control server address to 127.0.0.1. On October 10, The Washington Post reported that the U.S. Cyber Command carried out a campaign seeking to disrupt the Trickbot botnet ahead of the presidential elections.

Report: U.S. Cyber Command Behind Trickbot Tricks
2020-10-10 04:47

A new report Friday says the coordinated attack was part of an operation carried out by the U.S. military's Cyber Command. On October 2, KrebsOnSecurity reported that twice in the preceding ten days, an unknown entity that had inside access to the Trickbot botnet sent all infected systems a command telling them to disconnect themselves from the Internet servers the Trickbot overlords used to control compromised Microsoft Windows computers.

Attacks Aimed at Disrupting the Trickbot Botnet
2020-10-02 18:20

The crooks running the Trickbot botnet typically use these config files to pass new instructions to their fleet of infected PCs, such as the Internet address where hacked systems should download new updates to the malware. "This possibly means central Trickbot controller infrastructure was disrupted. The close timing of both events suggested an intentional disruption of Trickbot botnet operations."