Another Zeus Botnet Seizes Confidential Database Sized 60GB

According to security investigators at anti-virus vendor AVG, a fresh variant of the Zeus botnet has stolen over 60GB of sensitive, private data from the 55,000 PCs it compromised and controlled. The new Zeus botnet, named 'Mumba', is very small but deploys crimeware and phishing websites in bulk. A report from the Anti-Phishing Working Group a few months back in 2010 states that the infamous Avalanche Group, which was behind 66% of the total phishing assaults during July-December 2009, carried out the data-theft activity.

In a research paper published on August 2, 2010, AVG wrote that the criminals were extremely sophisticated online and perfectly deployed crimeware and phishing websites via a bulk-generation arrangement. This, according to AVG, meant that it was now a lot more difficult than before to lessen the threat by chasing the servers that supported the Mumba-gathered data.

Generally, the C&C (command-and-control) channels of botnets operate on web-hosting services specially set up for hackers or on web servers that have been hijacked. Consequently, it becomes feasible to take the network apart by terminating the core server. Mumba, however, utilizes fast-flux technology, wherein it carries out its operations on numerous hijacked computers. As a result, the host PC and the Internet Protocol address can be altered every now and then, so that law enforcement and security researchers can barely take down the malicious network.

Reportedly, Mumba first launched its infection campaign at the end of April 2010, when hackers infected over 35,000 PCs during the initial 7 days. Thereafter, a number of smaller infection runs have added 20,000 more hijacked PCs to Mumba.
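The fast-flux behaviour described above (one hostname answered by many hijacked hosts whose addresses keep changing) leaves a recognisable trace in passive-DNS data. The following is an added example, not code from AVG's paper: the thresholds, the /16 grouping used in place of an ASN lookup, and the sample records are assumptions constructed for illustration.

```python
"""Fast-flux heuristic over passive-DNS A-record observations (added example)."""
from collections import defaultdict
from ipaddress import ip_address
from statistics import median

# Illustrative thresholds (assumptions, not values from the AVG report).
MIN_DISTINCT_IPS = 5     # many different hosts answering for one name
MIN_DISTINCT_NETS = 3    # hosts scattered across unrelated networks
MAX_MEDIAN_TTL = 300     # seconds; flux records expire quickly

# Constructed sample records: (domain, answer_ip, ttl). Documentation ranges only.
OBSERVATIONS = [
    ("flux.example", "192.0.2.10", 120), ("flux.example", "198.51.100.7", 120),
    ("flux.example", "203.0.113.5", 120), ("flux.example", "192.0.2.77", 120),
    ("flux.example", "198.51.100.200", 120), ("flux.example", "203.0.113.99", 120),
    # Low TTL and several IPs, but all in one network: ordinary round-robin.
    ("pool.example", "198.51.100.1", 60), ("pool.example", "198.51.100.2", 60),
    ("pool.example", "198.51.100.3", 60), ("pool.example", "198.51.100.4", 60),
    ("pool.example", "198.51.100.5", 60),
    # Stable hosting: two addresses, long TTL.
    ("static.example", "192.0.2.50", 3600), ("static.example", "192.0.2.51", 3600),
    ("Static.Example.", "192.0.2.50", 3600),
]

def net16(ip):
    """Coarse network key (first two address bytes), a stand-in for an ASN lookup."""
    return ip_address(ip).packed[:2]

def score_domains(observations):
    """Return per-domain metrics and a 'suspect' flag for fast-flux-like behaviour."""
    by_domain = defaultdict(list)
    for domain, ip, ttl in observations:
        # Normalise case and the trailing root dot so records group correctly.
        by_domain[domain.lower().rstrip(".")].append((ip, ttl))
    report = {}
    for domain, rows in by_domain.items():
        ips = {ip for ip, _ in rows}
        nets = {net16(ip) for ip in ips}
        med_ttl = median(ttl for _, ttl in rows)
        report[domain] = {
            "distinct_ips": len(ips),
            "distinct_nets": len(nets),
            "median_ttl": med_ttl,
            "suspect": (len(ips) >= MIN_DISTINCT_IPS
                        and len(nets) >= MIN_DISTINCT_NETS
                        and med_ttl <= MAX_MEDIAN_TTL),
        }
    return report

if __name__ == "__main__":
    for name, metrics in sorted(score_domains(OBSERVATIONS).items()):
        print(name, metrics)
```

Large content-delivery networks can also show many addresses with short TTLs, so a flag from this heuristic is a lead for review rather than a verdict.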
The security investigators remark that, similar to the Kneber botnet, Mumba is a highly appropriate instance of botnet herders segmenting their networks so that they can enhance operational security as well as set up contingency planning. Meanwhile, the con artists, who now anticipate the industry's enhanced ability to reverse engineer their C&C infrastructures, have started using lawful infrastructures to expand their command-and-control vectors. In addition, they are also realizing that gigantic bot networks are simply waiting for the moment when they would be so effectively reverse engineered that they would just shut down.

SPAMfighter News - 8/12/2010



