100,000 UK PCs Freed by Botnet Takedown
YNOT EUROPE – A botnet that controlled an estimated 100,000 personal computers in the UK has been taken offline, security researchers announced this week.
Allegedly set up by eastern European cybercriminals, the network seized control of PCs using a variant of the Zeus 2 toolkit, then stole personal data including banking, email and social network log-ins, credit and debit card information, and client-side certificates. Researchers at anti-malware firm Trusteer, working with London’s Metropolitan Police, located the command-and-control center and the botnet’s drop servers and disabled them, gaining access by reverse engineering the malware.
Trusteer has declined to disclose the servers’ exact location or to name the specific cybercriminals suspected.
“The cybercrime servers were hidden, but the hackers were not using a lot of security, so it was possible to find a way into the database,” Trusteer Chief Executive Officer Mickey Boodaei told The Register.
Though the original infection vector is unknown, researchers said the malware probably was distributed through infected email and drive-by downloads. While not tremendously sophisticated as malware toolkits go, the Zeus kit has become the go-to software for virus and Trojan dissemination in recent years. The most recent version, which Trusteer Chief Technology Officer Amit Klein said is the one the botnet’s creators used, is the most deadly.
“There are some significant changes between Zeus 1.x and Zeus 2.0,” Klein told The Register. “Zeus 2.0 installs differently [and is] better adapted to newer Windows operating systems. Additionally, Zeus 2.0 has built-in support for Firefox.”
Also according to Klein, the now-defunct botnet that attacked only PCs in the UK represents a growing trend in regionalized attacks.