
Ramnit Botnet makes a Comeback as far more Advanced


In early 2015, a joint operation initiated by Europol and carried out with several security vendors worked to sinkhole the command-and-control servers of Ramnit, the notorious financial-fraud botnet. Ten months later, according to IBM's X-Force Threat Intelligence group, the attackers responsible for the original botnet are gradually assembling a new edition of the malicious network, using malicious ads to infect people's PCs with a banking Trojan. Softpedia.com reported this on December 26, 2015.

Ramnit first appeared in 2010. From then on it gradually expanded, ranking No. 4 among the biggest financial-fraud botnets by the end of 2014. Ramnit chiefly attacks English-speaking Internet users, largely in the UK, the USA and Australia. It quickly came to the notice of cyber-security firms such as AnubisNetworks, Symantec and Microsoft. These companies collaborated with Europol's European Cybercrime Centre (EC3).

Security investigators at IBM state that the first version of Ramnit continues to dispatch instructions through its CnC servers. However, because of Europol's intervention, these instructions are not reaching the infected PCs.

The two versions of Ramnit are not widely different, except in their methods of infection. Whereas Ramnit ver.1 used its banking Trojan to infect removable drives and network shares in order to spread to more and more victims, Ramnit ver.2, which is being assembled through malicious ads, redirects end users to a web page hosting the Angler exploit kit. The latest Ramnit banking Trojan operates via a fresh CnC server infrastructure and, as IBM indicated, Ramnit appears to be the only financial-fraud botnet that has ever re-emerged.

Moreover, according to IBM researchers, Ramnit ver.1 was never shared with other gangs, its source code was never leaked, and it was never hotly discussed on the illegal black market. The second edition must therefore be the creation of the same people who developed the earlier one, as they are the only people who ever had the Trojan's code.

In conclusion, the researchers state that, judging from the Ramnit malware's earlier activity, it is possible that the Trojan's controllers will expand across the rest of the globe in the coming months.

» SPAMfighter News - 1/4/2016
