Botnet attacks


Tracker: SpyEye Not Yet Zeus-Like In Stature

The SpyEye Tracker, a new site that hopes to trace the activity of the budding SpyEye Trojan, went live this week and shows the emerging SpyEye botnet to be global in reach, but still much smaller than the Zeus botnet with which it has merged.

Botnet Targets SSH Servers Via Brute Force

The dd_ssh bot is currently responsible for an increase in brute force attacks on SSH connections. Botnet herders are apparently injecting the script via a phpMyAdmin vulnerability and using the compromised computers for targeted SSH attacks. Read the full article. [The H Security]


Over the past week, security researchers and vendors have been playing a cat-and-mouse game with a cybercrime-friendly ISP known as TROYAK-AS. The results so far? A series of attempts by the cybercriminals to restore access to their botnet, and an invaluable learning experience for the community, with the gang exposing node after node of malicious activity. Read the full article. [ZDNet]

A network frequently used for malware delivery was shut down Wednesday night, probably against the will of its operators. Troyak.org, an Internet service provider well-known for serving Zeus botnets and other malware delivery methods, went dark overnight, resulting in the shutdown of as many as 25 percent of the world’s Zeus botnets, according to researchers. Read the full article. [Dark Reading]

New capabilities are strengthening the ZeuS botnet, which criminals use to steal financial credentials and execute unauthorized transactions in online banking, automated clearing house (ACH) networks and payroll systems. The latest version of this cybercrime toolkit offers a $10,000 module that can let attackers completely take control of a compromised PC. Read the full article. [Network World]

Like the sequel to a successful movie, the botnet behind the distributed denial of service attacks that hit the country of Georgia during its conflict with Russia in 2008 has been updated. This time though, the idea isn’t hacktivism—it’s stealing financial data and, unlike in the case of other Russian botnets, the targets are the operators’ own countrymen. Read the full article. [eWEEK]
