angry tapir writes "Microsoft has seen a dramatic drop in the number of computers infected with Waledac, a piece of malicious software affiliated with a botnet that was once responsible for a massive amount of spam. In the second quarter of this year, the company cleaned only 29,816 computers infected with Waledac, down from 83,580 computers in the first quarter of the year. The drop in the number of infected machines shows the success of the legal action Microsoft took earlier in the year, according to the company."

Trailrunner7 writes "The US has by far the highest number of bot-infected computers of any country in the world, with nearly four times as many infected PCs as the country in second place, Brazil, according to a new report by Microsoft. The quarterly report on malicious software and Internet attacks shows that while some of the major botnets have been curtailed in recent months, the networks of infected PCs still represent a huge threat."

Hugh Pickens writes "Science Daily Headlines reports that a new tool has been developed (funded by the National Science Foundation, US Army Research Office and US Office of Naval Research) to prevent 'drive-by downloads' whereby simply visiting a website, malware can be silently installed on a computer to steal a user's identity and other personal information, launch denial-of-service attacks, or participate in botnet activity. The software called Blade — short for Block All Drive-By Download Exploits — is browser-independent and designed to eliminate all drive-by malware installation threats by tracking how users interact with their browsers to distinguish downloads that received user authorization from those that do not. 'BLADE monitors and analyzes everything that is downloaded to a user's hard drive to cross-check whether the user authorized the computer to open, run or store the file on the hard drive. If the answer is no to these questions, BLADE stops the program from installing or running and removes it from the hard drive,' says Wenke Lee, a professor in the School of Computer Science in Georgia Tech's College of Computing. Blade's testbed automatically harvests malware URLs from multiple whitehat sources on a daily basis and has an interesting display of the infection rate of different browsers, the applications targeted by drive-by exploits, and the anti-virus detect and miss rates of drive-by binaries."

CWmike writes "In a paper published Wednesday (PDF), Scott Charney, who heads Microsoft's trustworthy computing group, spelled out a concept of 'collective defense' that he said was modeled after public health measures like vaccinations and quarantines. The aim: To block botnet-infected computers from connecting to the Internet. Under the proposal, PCs would be issued a 'health certificate' that showed whether the system was fully patched, that it was running security software and a firewall, and that it was malware-free. Machines with deficiencies would require patching or an antivirus update, while bot-infected PCs might be barred from the Internet."

richi writes "There's no doubt that botnets are a major threat to the safety and stability of the internet — not to mention the cleanliness of your inbox. After years of failure to act, could we finally be seeing ISPs waking up to their responsibilities? While ISPs can't prevent users getting infected with bots, they are in a superb position to detect the signs of infection. Contractually, the ISP would be reasonably justified in cutting off a user from the internet, as bot infection would be contrary to the terms of the ISP's acceptable-use policy."

eldavojohn writes "Comcast is pushing a new program nationwide that warns customers if they might have a bot infection. It puts a semitransparent overlay on the top of the website you're viewing, warning you that you may have a bot installed if the provider detects botnet traffic from your residence. Of course, if you have multiple machines running behind a router or modem then you're going to have a difficult time pinning down which machine might have the infection."

Velcroman1 writes "Pity the criminal mastermind. After all, he's a victim too, reports FoxNews.com. Despite the sophisticated DRM baked into the ZeuS bot to protect it from theft, that's exactly what has happened. 'ZeuS is actually being pirated, so you can get all the versions for free,' said Roel Schouwenberg, senior anti-virus researcher with security software firm Kaspersky Labs. 'They introduced a hardware-based activation process similar to Windows activation, to make sure only one purchased copy of the ZeuS kit — the kit that produces malware — can run on one computer,' said Sergei Shevchenko, senior malware analyst for security software company PC Tools."

Following on the 19 ZeuS botnet arrests in the UK, adeelarshad82 and other readers sent word that US and New York officials have unsealed more than 90 indictments of money mules and others accused of helping siphon more than $3M from 5 banks and dozens of individuals, and sending it overseas. The Manhattan US Attorney announced charges against 37 individuals and New York charged 55. Most of those indicted are foreign students who came to the US on exchange visitor visas. Most are from Russia, the Ukraine, Kazakhstan, or Belarus. Here is the FBI's lengthy press release. A security blogger has put up Facebook party photos of some of the indicted individuals who are still at large.

Trailrunner7 writes with this from ThreatPost: "Researchers have made a huge dent in the Pushdo botnet, virtually crippling the network, by working with hosting providers to take down about two thirds of the command-and-control servers involved in the botnet. Pushdo for years has been one of the major producers of spam and other malicious activity, and researchers have been monitoring the botnet and looking for ways to do some damage to it since at least 2007. Now, researchers at Last Line of Defense, a security intelligence firm, have made some serious progress in crushing the botnet's spam operations. After doing an analysis of Pushdo's command-and-control infrastructure, the researchers identified about 30 servers that were serving as C&C machines for the botnet. Working with the hosting providers who maintained the servers in question, the LLOD researchers were able to get 20 of the C&C servers taken offline, the company said."

angry tapir writes "More than 40 percent of the world's spam is coming from a single network of computers that computer security experts continue to battle, according to new statistics from Symantec's MessageLabs' division. The Rustock botnet has shrunk since April, when about 2.5 million computers were infected with its malicious software that sent about 43 billion spam e-mails per day. Much of it is pharmaceutical spam."

An anonymous reader writes "A large Zeus version 2 botnet is being used to conduct financial fraud in the UK and is operated from Eastern Europe. The botnet appears to be controlling more than 100,000 infected computers. The criminals have been harvesting all manner of potentially lucrative and revenue-producing credentials — including online account IDs plus login information to banks, credit and debit card numbers, account types plus balances, bank statements, browser cookies, client side certificates, login information for email accounts and social networks, and even FTP passwords."

mehemiah writes "The writer of the Mariposa Botnet has been arrested through international effort. The FBI said this arrest and the arrests of three alleged operators in February were the result of a two-year joint investigation into the Mariposa Botnet, which may have infected as many as eight million to 12 million computers around the world."

Trailrunner7 writes "Bot herders and the crimeware gangs behind banker Trojans have had a lot of success in the last few years with using bulletproof hosting providers as their main base of operations. But more and more, they're finding that social networks such as Twitter and Facebook are offering even more fertile and convenient grounds for controlling their malicious creations. New research from RSA shows that the gangs behind some of the targeted banker Trojans that are such a huge problem in some countries, especially Brazil and other South American nations, are moving quietly and quickly to using social networks as the command-and-control mechanisms for their malware. The company's anti-fraud researchers recently stumbled upon one such attack in progress and watched as it unfolded."

Trailrunner7 writes "Spammers and the botnet operators they're allied with are continuing to adapt their techniques to evade security technologies, and now are using what amount to disposable domains for their activities. A new report shows that the spammers are buying dozens of domains at a time and moving from one to another as often as several times a day to prevent shutdowns. New research shows that the amount of time that a spammer uses a given domain is basically a day or less. The company looked at 60 days worth of data from their customers and found that more than 70 percent of the domains used by spammers are active for a day or less."

The Risky Biz blog brings news that Big W, a subsidiary of Woolworths, has Windows-based Fuji photo kiosks in at least some of its stores that don't run antivirus software, and are therefore spreading infections, such as Trojan-Poison-36, via customers' USB storage devices. Here is the account of the original reporter. "It's not just the lack of AV that's the problem... it appears there's been zero thought put into the problem of malware spreading via these kiosks. Why not just treat customers' USB devices as read-only? Why allow the kiosks to write to them at all? It would be interesting to find out which company — Fuji, Big W, or even some other third party — is responsible for the maintenance of the machines. It would also be interesting to find out if there are any liability issues here for Big W in light of its boneheaded lack of security planning."

Trailrunner7 sends in this excerpt from Threatpost: "As major botnet operators have moved from top-down C&C infrastructures, like those employed throughout the 1990s and most of the last decade, to more flexible peer-to-peer designs, they also have found it much easier to keep their networks up and running once they're discovered. When an attacker at just one, or at most two, C&C servers was doling out commands to compromised machines, evading detection and keeping the command server online were vitally important. But that's all changed now. With many botnet operators maintaining dozens or sometimes hundreds of C&C servers around the world at any one time, the effect of taking a handful of them offline is negligible, experts say, making takedown operations increasingly complicated and time-consuming. It's security through ubiquity. Security researchers say this change, which has been occurring gradually in the last couple of years, has made life much more difficult for them. ... Researchers in recent months have identified and cleaned hundreds of domains being used by the Gumblar botnet, but that's had little effect on the botnet's overall operation."

dptalia writes "We all have heard of major DDoS attacks taking down countries, companies, and organizations. But how many of them are ever prosecuted? And how many prosecutions are even successful? I've done some research and it appears the answer is very few (Well duh!). And those that are successfully prosecuted tend to have teenagers as the instigators. Does this mean DDoS is a fairly safe crime to conduct? Are the repercussions nonexistent? Does anyone have some knowledge an insight into this that I don't have? How would you go about prosecuting a DDoS attacker? What's your experience with getting the responsible parties to justice?"

KingofGnG writes "Computer threats are continuously evolving, and some malicious codes are a problem difficult to tackle because of their inherent complexity and an intelligent design capable of constantly putting under pressure security companies. A remarkable 'intelligent' threat is for instance Sality, the 'new generation' file virus that according to Symantec has practically turned into an 'all-in-one' malware incorporating botnet-like functionalities as well."

A Symantec blog post reports that the company recently stumbled upon a server hosting the stolen credentials for 44 million game accounts. It goes on to explain how the owners of the server made use of a botnet to process that mountain of data: "Now it's time to turn those gaming credentials into hard cash. But how do you find out which credentials are valid and thus worth some money? Three options come to mind: 1) Log on to gaming websites 44 million times! 2) Write a program to log in to the websites and check for you (this would take months). 3) Write a program that checks the login details and then distribute the program to multiple computers. Option one naturally seems next to impossible. Option two is also not very feasible, since websites typically block IP addresses after multiple failed login attempts. By taking advantage of the distributed processing that the third option offers, you can complete the task more quickly and help mitigate the multiple-login failure problems by spreading the task over more IP addresses. This is what Trojan.Loginck's creators have done."

coondoggie writes "The Federal Trade Commission today got a judge to effectively kill off the Internet service provider 3FN, which the agency said specialized in spam, porn, botnets, phishing, and all manner of malicious web content. The ISP's computer servers and other assets have been seized and will be sold by a court and the operation has been ordered give back $1.08 million to the FTC."