Trojan Rovnix Infects More Than 130K UK PCs, Finds BitDefender
BitDefender has warned that more than 130K PCs in the United Kingdom are infected with Rovnix, an information-stealing Trojan, as part of a single botnet operation that particularly targets high-profile entities across the country.
Although a relatively simple kind of malware, Rovnix can display pay-per-click ads, produce fake Blue Screen of Death (BSOD) errors, or direct victims to sites serving scareware (bogus anti-virus products) and malicious tech-support campaigns.
In a statement, BitDefender Chief Security Strategist Catalin Cosoi said that the Rovnix campaign attacking the United Kingdom confirmed the botnet was still running strong, and that its use of encrypted communication suggested the threat was still under active development. The security company had not yet seen Rovnix in its latest form and would not for some time yet, Cosoi said. Securityweek.com published this on November 6, 2014.
Elsewhere, Cosoi said his organization had observed 184K infected PCs worldwide through sink-holed domains. Infosecurity published this on November 6, 2014.
Of those infected PCs, the largest share was in the UK, raising concerns about large-volume data theft from the entities victimized there.
Although infected machines were found all over the country, most are in London, accounting for 15.77%, followed by Manchester (2.92%), Birmingham (2.80%), Glasgow (2.21%) and Leeds (1.75%).
Cosoi explained that, the UK being an extremely populous nation, a great deal of money was being drained. Other prominent scams BitDefender tracked targeted Belgium, France and Holland. It was very common to customize or specifically target campaigns, Cosoi added, since more personalized messages made it easier to dupe end-users.
By examining the Rovnix botnet's DGA (domain generation algorithm), BitDefender's researchers found that every quarter it created 5-10 domains by concatenating words taken from textual documents, in particular Requests for Comments (RFC) pages and specifications, as well as the GNU Lesser General Public License.
Surprisingly, according to BitDefender, the UK Rovnix campaign draws on the US Declaration of Independence to create its CnC (command-and-control) domain names. Moreover, the campaign also collected victims from Iran, accounting for 5,258 connections, with Italy, the USA and Germany following, together responsible for 2 percent or less of total connections.
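As an added illustration (not BitDefender's code and not the Rovnix DGA itself): one defensive heuristic for a word-concatenation DGA like the one described is to check whether the registrable label of each queried domain can be tiled entirely from words of the public texts the article names. The reference text, the DNS log lines and the `query=` field layout below are constructed stand-ins.

```python
import re
from functools import lru_cache
# Constructed stand-in for the public texts named in the article (RFCs, the GNU LGPL,
# the US Declaration of Independence); the corpus the real DGA uses is not reproduced.
REFERENCE_TEXT = """
When in the course of human events it becomes necessary for one people
to dissolve the political bands which have connected them with another
"""

# Constructed DNS query log; the 'query=' field layout is an assumption, not a real format.
DNS_LOG = """
2014-11-06T10:15:02Z client=10.0.0.7 query=humaneventsnecessary.com
2014-11-06T10:15:09Z client=10.0.0.7 query=www.google.com
2014-11-06T10:16:30Z client=10.0.0.12 query=political.net
2014-11-06T10:17:01Z client=10.0.0.12 query=coursepeople.org
""".strip().splitlines()

def build_vocabulary(text, min_len=3):
    """Lowercase alphabetic words of at least min_len letters found in the reference text."""
    return {w for w in re.findall(r"[a-z]+", text.lower()) if len(w) >= min_len}

def segment_label(label, vocab):
    """Tile `label` exactly with vocabulary words (longest match first, with backtracking)."""
    label, n = label.lower(), len(label)
    @lru_cache(maxsize=None)
    def best(i):  # tuple of words covering label[i:], or None if no tiling exists
        if i == n:
            return ()
        for j in range(n, i, -1):
            rest = best(j) if label[i:j] in vocab else None
            if rest is not None:
                return (label[i:j],) + rest
        return None
    return list(best(0)) if best(0) is not None else None

def classify_domain(fqdn, vocab, min_words=2):
    """Word split of the registrable label if it is >= min_words corpus words, else None."""
    labels = fqdn.lower().rstrip(".").split(".")
    words = segment_label(labels[-2], vocab) if len(labels) >= 2 else None
    return words if words and len(words) >= min_words else None

def scan_dns_log(lines, vocab):
    """(domain, words) for every logged query whose label looks assembled from the corpus."""
    hits = []
    for line in lines:
        m = re.search(r"query=(\S+)", line)
        words = classify_domain(m.group(1), vocab) if m else None
        if words:
            hits.append((m.group(1), words))
    return hits
```

Any legitimate domain spelled from common words will also match, so the vocabulary should be drawn from the specific documents an analysed sample references, and hits treated as leads for sinkhole or telemetry correlation rather than verdicts.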
» SPAMfighter News - 11/14/2014