Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

1 recommendation

ZeroAccess Botnet: We're Gonna Need a Bigger Planet


Posted by Sean @ 15:08 GMT
Some botnets are so big… you can see them from space (or at least, Google Earth).

Here's what the ZeroAccess botnet looks like in Europe:
»www.f-secure.com/weblog/archives···428.html
--
Gladiator Security Forum
»www.gladiator-antivirus.com/


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
Report: Bandwidth-Burning Malware Among Biggest Consumer Threats

A new malware report indicates Android malware samples grew three-fold last quarter and that one in every 140 devices connected to mobile networks was infected at some point.

Closer to home, about 14 percent of household networks were hit by malware this spring, with a 50 percent increase in high-level bots, Trojans and backdoors, according to the Q2 2012 Malware Report from Kindsight Security Labs.

Among the biggest threats to consumers was the ZeroAccess botnet, which grew to more than 1.2 million super nodes resulting in ad-click fraud that at one point burned through bandwidth equivalent to 45 monthly movie downloads per subscriber.

"In recent months, we've seen the ZeroAccess botnet update its command and control protocol and grow to infect more computers while connecting to over one million computers globally," Kevin McNamee, a security architect and director for Kindsight Security Labs said in a statement. "The concern with ZeroAccess is that it is using the subscriber's bandwidth maliciously which will cost them money as they exceed bandwidth caps. And, once the computer is compromised, it can also spread additional malware or launch new attacks."

The Mountain View, Calif. company's findings are based on malicious network communications traffic detected at the service provider level.

During the three-month period, the top home network infections as ranked by Kindsight security researchers were Hijacker.MyWebSearchToolbar, Spyware.SCN-ToolBar, Hijacker.StartPage.KS, Adware.GameVance and Mac.Bot.Flashback.K/I. The Mac Flashback bot finished at the top of all high-level threats for the quarter, staying in the No. 1 spot for four weeks in a row in April.

Next in ranking were the ZeroAccess botnet and NineBall/Gumblar. DNSChanger, which received a lot of doomsday-like publicity as a deadline to pull servers tied to infected users drew near, ranked eighth on the list.

The ZeroAccess/Sirefef bot earlier this year modified its command-and-control protocol to evade detection and quietly distribute fraud-laced malware. By the end of June, Kindsight researchers found 3,321 infected computers actively communicating with more than 1.2 million Internet peers - nearly 2.5 times the number of infected machines from the same time the quarter before. India (18 percent) and the United States (10 percent) led nations with infected peers.

»threatpost.com/en_us/blogs/repor···s-071912
--
Gladiator Security Forum
»www.gladiator-antivirus.com/

Kearnstd
Space Elf
Premium
join:2002-01-22
Mullica Hill, NJ
kudos:1
reply to Name Game
I get the feeling that if some of these botnets were used as distributed computing setups that they would have enough raw compute power to crack the strongest firewalls the CIA, NSA and even Google could imagine.
--
[65 Arcanist]Filan(High Elf) Zone: Broadband Reports


KodiacZiller
Premium
join:2008-09-04
73368
kudos:2

1 edit
said by Kearnstd:

I get the feeling that if some of these botnets were used as distributed computing setups that they would have enough raw compute power to crack the strongest firewalls the CIA, NSA and even Google could imagine.

Who's to say some of these botnets are not run by said TLA's?

Also, I looked at the report and investigated the top 10 Android malware samples. All of them but one needed to be installed from shady third party markets (the one exception was promptly removed from Google Play). The banking trojan requires that the user's Windows PC be infected as well.

Stick with the official market, folks. While a few rare samples will penetrate the official market here and there, by far the biggest threat is third-party markets. AV software is not needed if you follow that advice.

--
Getting people to stop using Windows is more or less the same as trying to get people to stop smoking tobacco products. They don't want to change; they are happy with slowly dying inside. -- munky99999

redwolfe_98
Premium
join:2001-06-11
kudos:1
Reviews:
·Time Warner Cable

1 edit
reply to Name Game
Here is a related video that I ran across, from AT&T's "Threat Traq":

»www.youtube.com/watch?v=luTb_DVNxjc


There is not really any new information in the video, but I enjoyed watching it, and it is good to know that AT&T is tracking the malware situation, and they say that they intend to try to do something about it.


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
reply to Name Game
How to Launch a 65Gbps DDoS, and How to Stop One

Yesterday I posted a post mortem on an outage we had Saturday. The outage was caused when we applied an overly aggressive rate limit to traffic on our network while battling a determined DDoS attacker. In the process of writing it I mentioned that we'd seen a 65Gbps DDoS earlier on Saturday. I've received several questions since that all go something like: "65Gbps DDoS!? Who launches such an attack and how do you defend yourself against it?!" So I thought I'd give a bit more detail.

What Constitutes a Big DDoS?

A 65Gbps DDoS is a big attack, easily in the top 5% of the biggest attacks we see. The graph below shows the volume of the attack hitting our EU data centers (the green line represents inbound traffic). When an attack is 65Gbps that means every second 65 Gigabits of data is sent to our network. That's the equivalent data volume of watching 3,400 HD TV channels all at the same time. It's a ton of data. Most network connections are measured in 100Mbps, 1Gbps or 10Gbps so attacks like this would quickly saturate even a large Internet connection.

more here..
»blog.cloudflare.com/65gbps-ddos-no-problem
--
Gladiator Security Forum
»www.gladiator-antivirus.com/


antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
United State
kudos:5
reply to Name Game
Wait until botnets take over the universe!


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
Complex ZeroAccess Rootkit Installed More Than 9 Million Times, Says Sophos

“Our research has discovered that the ZeroAccess botnet is currently being used for two main purposes: Click fraud and Bitcoin mining. If running at maximum capacity the ZeroAccess botnet is capable of making a staggering amount of money: in excess of $100,000 a day.”

»www.securityweek.com/complex-zer···-sophos?
--
Gladiator Security Forum
»www.gladiator-antivirus.com/


siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
reply to Name Game
ESET has an improved trove of stand-alone cleaners, give a look-see.


siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
reply to Name Game
The F-Secure botnet graphic has been refreshed since your last post.