Feb 02, 2012

Kelihos botnet now gaining strength

A botnet that was crippled by Microsoft and Kaspersky Lab last September is spamming once again and experts have no recourse to stop it.

The Kelihos botnet only infected 45,000 or so computers but managed to send out nearly 4 billion spam messages a day, promoting, among other things, pornography, illegal pharmaceuticals and stock scams.

But it was temporarily corralled last September after researchers used various technical means to get the 45,000 or so infected computers to communicate with a “sinkhole,” or a computer they controlled.

But the computers that comprised Kelihos were still infected with its code. Researchers knew that it would only be a matter of time before its controller used the botnet’s complex infrastructure of proxy servers and communication nodes to regain control.

In fact, it happened shortly after the researchers intervened. Sinkholing the botnet was only a temporary solution.

“We could have issued an update to those machines to clean them up, but in several countries that would be illegal,” said Ram Herkanaidu, security researcher and education manager for Kaspersky Lab.


Written by BitWise in: Uncategorized

Jan 17, 2012

Worm steals 45,000 Facebook login credentials, infects victims’ friends

A worm previously used to commit financial fraud is now stealing Facebook login credentials, compromising at least 45,000 Facebook accounts with the goals of transmitting malicious links to victims’ friends and gaining remote access to corporate networks.

The security company Seculert has been tracking the progress of Ramnit, a worm first discovered in April 2010, and described by Microsoft as “multi-component malware that infects Windows executable files, Microsoft Office files and HTML files” in order to steal “sensitive information such as saved FTP credentials and browser cookies.” Ramnit has previously been used to “bypass two-factor authentication and transaction signing systems, gain remote access to financial institutions, compromise online banking sessions and penetrate several corporate networks,” Seculert says.

Recently, Seculert set up a sinkhole and discovered that 800,000 machines were infected between September and December. Moreover, Seculert found that more than 45,000 Facebook login credentials, mostly in the UK and France, were stolen by a new variant of the worm.

“We suspect that the attackers behind Ramnit are using the stolen credentials to log-in to victims’ Facebook accounts and to transmit malicious links to their friends, thereby magnifying the malware’s spread even further,” Seculert said. “In addition, cybercriminals are taking advantage of the fact that users tend to use the same password in various web-based services (Facebook, Gmail, Corporate SSL VPN, Outlook Web Access, etc.) to gain remote access to corporate networks.”

Nov 10, 2011

Arrests made in malware-click redirect scheme

Many of you reading this have either heard of, or directly encountered, links to web sites that turned out to be fronts for hackers. This week, as reported by News.com, six people were arrested in Estonia for allegedly taking part in the creation of the malware program known as DNSChanger. The malware has infected over 4 million PCs, including 500,000 here in the US, and redirected the people who used those PCs to rogue web sites that generated ad money for the hacker team. A seventh suspect in Russia is still on the loose.

Basically, this malware changed the DNS settings of infected PCs so that their name lookups went to rogue DNS servers, which then pointed users to specific web sites designed to raise money for the hackers. Those false servers were later shut down and replaced by legitimate DNS servers, in the hope that even people whose PCs are still infected will no longer be steered to those sites.

The FBI is currently letting people who think their PC might be infected check whether that is the case via a special FBI web site. PCs on which the DNSChanger program is installed are also prevented from updating their operating system or any anti-virus programs.
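The FBI check described above boils down to comparing a machine's configured DNS resolvers against known-bad ranges. The following is an added example (not code from this site or from the FBI): it pulls resolver addresses out of a Linux resolv.conf or Windows `ipconfig /all` output and flags any that fall in a rogue range or differ from what the organisation expects. The rogue ranges and expected resolvers below are constructed placeholders, since the real DNSChanger ranges are not given on this page.

```python
import ipaddress
import re

# PLACEHOLDER rogue-resolver ranges (documentation networks), not the real
# DNSChanger ranges; substitute the published indicator list in practice.
ROGUE_RESOLVER_RANGES = [
    ipaddress.ip_network("192.0.2.0/24"),      # TEST-NET-1, placeholder
    ipaddress.ip_network("198.51.100.0/24"),   # TEST-NET-2, placeholder
]

# Resolvers this (constructed) organisation expects its hosts to use.
EXPECTED_RESOLVERS = {ipaddress.ip_address("10.0.0.53"),
                      ipaddress.ip_address("10.0.1.53")}

_RESOLV_RE = re.compile(r"^\s*nameserver\s+(\S+)")           # resolv.conf
_IPCONFIG_RE = re.compile(r"DNS Servers[ .]*:\s*(\S+)")       # ipconfig /all


def extract_resolvers(text):
    """Return the resolver IPs found in resolv.conf or `ipconfig /all` text."""
    found, in_dns_block = [], False
    for line in text.splitlines():
        m = _RESOLV_RE.match(line) or _IPCONFIG_RE.search(line)
        if m:
            found.append(m.group(1))
            in_dns_block = m.re is _IPCONFIG_RE   # ipconfig may continue below
            continue
        # ipconfig lists extra DNS servers as indented bare addresses
        if in_dns_block and re.fullmatch(r"\s+[0-9A-Fa-f:.]+", line):
            found.append(line.strip())
            continue
        in_dns_block = False
    ips = []
    for s in found:
        try:
            ips.append(ipaddress.ip_address(s))
        except ValueError:
            pass   # skip anything that is not a valid address
    return ips


def classify_resolvers(ips):
    """Map each resolver to 'rogue', 'unexpected' or 'ok'."""
    verdicts = {}
    for ip in ips:
        if any(ip in net for net in ROGUE_RESOLVER_RANGES):
            verdicts[str(ip)] = "rogue"
        elif ip not in EXPECTED_RESOLVERS:
            verdicts[str(ip)] = "unexpected"
        else:
            verdicts[str(ip)] = "ok"
    return verdicts
```

Run it over the output of `cat /etc/resolv.conf` or `ipconfig /all`; any "rogue" verdict means the host is still pointed at the attacker's resolvers, and "unexpected" is worth a closer look even if it is not in a known-bad range.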

As always, the first rule of using your own PC is safety, and that includes not clicking on web sites or emails that look suspicious. You never know when something could suddenly pop up while surfing the net.

Source: BitWise Computer Repair

Written by BitWise in: Uncategorized

BitWise Computer Repair and Consulting