Flashback/SabPub
2012 The Mac malware scene shifted into high gear in 2012 with the emergence of the Flashback trojan and the revelation that its authors had control of a massive botnet containing well over a half-million machines. Flashback and SabPub, which exploited the same Java vulnerabilities, are the first...
Analysis: Flashback Spread Via Social Engineering, Then Java Exploits
Kaspersky Lab’s latest analysis of the Mac OS X Flashback botnet reveals that the botnet’s malware was spread via drive-by downloads on hacked WordPress web sites. From September 2011 until February 2012, the Flashback creators distributed the trojan through compromised WordPress sites that...
New Mac Malware, SabPub, Used In Targeted Attacks
Researchers at Kaspersky Lab say a new malicious program, dubbed SabPub, exploits the same Java security hole as the Flashback Trojan and enables targeted attacks against Mac users. The new malware was identified in a blog post by Kaspersky Lab expert Costin Raiu on Saturday and is described as ...
Apple, Following Microsoft's Lead, Plans to Disable Flashback Botnet
Apple, which usually doesn’t get involved much in security issues outside of issuing patches when needed, said it is working with internet service providers around the world to disable the Flashback botnet’s command and control servers. Flashback exploits a security flaw in Java, Apple explains,...
Apple Developing Fix For Flashback Malware
Apple is planning to release a software fix that will find and remove the Flashback malware that has been haunting Mac users for several months now. The latest version of Flashback has built a botnet that at times has included more than 600,000 infected machines. Apple said on Tuesday that it was...
Ryan Naraine and Costin Raiu on Flashback and Mac Security
Dennis Fisher talks with Ryan Naraine and Costin Raiu about the Flashback Mac botnet, why Apple is reluctant to let third parties update software on Macs and the future outlook for the security of Macs. Podcast audio courtesy of sykboy65. Subscribe to the Digital Underground podcast on...
Java: The OSX and Cross-Platform Nightmare
By Roel Schouwenberg For a few days now I’ve been asking myself the following question: Which is more important: The fact we had a 500k-strong OSX botnet fly under the radar or the culprit that enabled the malware to infect so many machines? Every time the answer is clear – Java has become an...
Researchers Confirm 600K-Strong Flashback Botnet Is Mostly Mac
Kaspersky Lab researchers say that analysis of the Flashfake botnet confirms the size of the malicious network and that it consists mostly of Mac OS X machines. Researchers at Kaspersky wrote on Friday that they were able to reverse engineer the domain generation algorithm used by the botnet, the...
Questions Abound On Size and Makeup of Flashback Botnet
The botnet assembled by the Flashback Trojan that’s been infecting Macs in recent months is turning out to be a rather difficult one to pin down. Researchers have said that the network of compromised machines may be upwards of 600,000, while newer estimates say that it’s more likely in the...
More than 600000 Macs system infected with Flashback Botnet
The computer security industry is buzzing with warnings that more than half a million Macintosh computers may have been infected with a virus targeting Apple machines. Dr. Web originally reported Wednesday that 550,000 Macintosh computer...
Flashback Mac Trojan Hits More than 500K Machines
The Flashback Trojan that has been infecting Mac OSX machines of late appears to have become the most successful piece of Mac-based malware in the short history of such things. Researchers say that there have been upwards of 500,000 Macs infected by the malware, and that number may still rise...
Active Zeus C&Cs Remain Following Microsoft Takedown
It appears that Microsoft’s recent Zeus takedown attempt left some bots behind. Days after the company announced it had sinkholed the troublesome botnet, researchers say that there are still some C&C domains active. FireEye Malware Intelligence Lab’s Atif Mushtaq is reporting that, despite a...
POC Android botnet - Command and Control Channel over SMS
To avoid detection, this proof-of-concept code utilizes the Short Messaging Service (SMS) as a command & control channel. This adds fault tolerance because, if a smartphone is not available on the GSM network due to being powered off or out...
Kelihos Returns: Same Botnet or New Version?
The twice-shut-down Kelihos botnet remains active and continues spamming with a new variant, despite yesterday’s efforts by Kaspersky Lab and CrowdStrike that knocked offline and sinkholed the most recent version of the botnet. According to a Seculert report, the indomitable botnet is using a...
Kelihos Botnet with 110,000 PCs take down finally
Botnets are particularly insidious, using thousands of virus-infected computers which their owners are unaware are being used for sending out spam, launching denial-of-service attacks and stealing data. But taking down a botnet poses challenges. Th...
Kaspersky Knocks Down Kelihos Botnet Again, But Expects Return
For the second time in six months, researchers from the Russian antivirus company, Kaspersky Lab, carried out an operation to take down the newest iteration of the Kelihos botnet, also known as “Hlux.” Microsoft and Kaspersky worked together in September, 2011, on the first Kelihos take-down. The...
Richard Boscovich on the Zeus Botnet Takedown
Dennis Fisher talks with Richard Boscovich of the Microsoft Digital Crimes Unit about the operation to take down the Zeus botnet, how the company works with partners and law enforcement on these operations and the importance of getting the word out to consumers about the danger of botnets. Podcas...
Microsoft, Financial Groups Execute Takedown of Zeus Botnet Servers
Microsoft has gone after another botnet, this time targeting some of the command-and-control infrastructure behind the Zeus network with a takedown effort that included seizing two IP addresses used for C&C servers and filing suit against 39 unnamed defendants. The action against Zeus is the late...
THOR : Another P2P Botnet in development with extra stealth features
The research community is now focusing on the integration of peer-to-peer (P2P) concepts as incremental improvements to distributed malicious software networks now generically referred to as botnets. Because "botnets" can be used...
Variant of Zeusbot/Spyeye Botnet uses p2p network model
Cybercriminals are using a modified version of the Zeusbot/Spyeye, which is using a peer-to-peer (P2P) network architecture, rather than a simple bot to command-and-control (C&C) server system, making the botnet much harder to take down, Symante...