The Polish computer emergency response team (CERT) is hoping to rip apart a major botnet by wresting control of command and control domains used by attackers to control infected machines.
Virut has been used to pilfer user data, carry out distributed denial of service (DDoS) attacks and send out spam. The botnet was recently seen uploading the Waledac malware to machines, in attackers’ attempts to massively increase spamming powers of infected systems.
CERT Polska sinkholed 23 domain names, a number of which are also associated with running other botnets related to the Zeus malware.
“NASK, the operator of the Polish domain registry, took over 23 of these domains yesterday (Jan 17, 2013) in an effort to protect Internet users from Virut-related threats,” CERT Polska said, in its post on Friday.
“Name servers for those domains were changed to sinkhole.cert.pl, controlled by CERT Polska – an incident response team operated by NASK. NASK’s actions were supported by threat intelligence data from CERT Polska, VirusTotal and Spamhaus.”
Whilst the efforts of Polish officials is unlikely to help catch the crooks and end their campaigns, onlookers believe the takedowns will provide some benefit to the Internet.
“The benefits of a takedown are usually fairly brief, because the crooks, sadly, just move somewhere else, and may even program their malware with an automatic system for finding new C&C servers,” said Sophos’ Paul Ducklin, in a blog post.
“But you have to start somewhere, and every takedown demarcates a part of the internet where the Good Guys have said, ‘No more!’
“If nothing else, this sends a message to the sort of fringe-dwelling ISP that is willing to take dirty money by looking the other way to cyber criminality.”
What do you know about online security? Try our quiz and find out!
After the United States imposes 100 percent tariffs on certain Chinese goods, Europe widens its…
OpenAI strikes deal with Reddit to train its AI tech on user posts and give…
Global spending spree from Microsoft continues, with huge investment for new data centre to drive…
Workforce blow. Newly privatised Toshiba has embarked on a 'revitalisation plan' that will entail the…
European Commission opens an official child safety investigation into Facebook and Instagram-owner Meta Platforms
Hundreds of AI and cloud engineers are being offered relocation out of China by Microsoft,…