9 matches found
Researchers Crack Furtim, SFG Malware Connection
New research is challenging what security researchers know about Furtim, a new malware strain that has been compared to Stuxnet because of its believed targeting of industrial controls in energy companies. According to security experts at Damballa, Furtim and the recently discovered SFG malware a...
Legend Perl IRC Bot - Remote Code Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Legend Perl IRC Bot Remote Code Execution', 'Description' = %q This module exploits a remote command execution on the Legend Perl IR...
Legend Perl IRC Bot Remote Code Execution Exploit
This Metasploit module exploits a remote command execution on the Legend Perl IRC Bot. This bot has been used as a payload in the Shellshock spam last October 2014. This particular bot has functionalities like NMAP scanning, TCP, HTTP, SQL, and UDP flooding, the ability to remove system logs, an...
POS Malware Nitlove Seen Dropped in Spam Campaign
Toss another strain of point-of-sale (POS) malware onto the growing heap discovered this year. The latest variant, a variant dubbed NitlovePOS, was spotted being dropped on victims who were compromised by a spam operation. Researchers with the firm FireEye were in the middle of tracking a campaign ...
ZeroAccess Peer To Peer Botnet Takedown Incomplete
Microsoft trumpeted its disruption of the ZeroAccess peer-to-peer botnet late last week, but some experts are holding off on scheduling a celebratory ticker-tape parade. With numerous successful takedowns of botnets with a centralized command and control infrastructure in its back pocket, Microso...
Tor Botnet Makes Bad Move to Anonymity Network
MEvade, the massive botnet using Tor as a communication protocol, may have moved operations to the network in order to hamper potential takedown efforts, but according to security researchers, the move just served to shine a spotlight on the botnet’s activities. Rather than hide traffic from bots...
PushDo Malware Returns with Domain Generation Algorithm
Four times since 2008, authorities and technology companies have taken the prolific PushDo malware and Cutwail spam botnet offline. Yet much like the Energizer Bunny, it keeps coming back for more. In early March, researchers at Damballa discovered a new version of the malware that had adopted a...
Gunter Ollmann on Opt-In Botnets and Targeted Attacks
Dennis Fisher talks with Gunter Ollmann, VP of research at Damballa, about the new generation of hacktivism and opt-in botnets, as well as the trend toward targeted attacks in corporate environments. Podcast audio courtesy of sykboy65. Subscribe to the Digital Underground podcast on...
Behind the Scenes of the Botnet Epidemic
2009 saw many, many new botnet outbreaks and advancements in their criminal management. Throughout the year Damballa tracked thousands of distinct criminal-operated botnets and identified millions of newly compromised enterprise systems each day. This week I’m going to share some of our findings...