Police hijack a botnet and remotely kill 850,000 malware infections – TechCrunch

Forums Security News (Security) Police hijack a botnet and remotely kill 850,000 malware infections – TechCrunch

Tagged: 

  • This topic has 1 voice and 0 replies.
Viewing 0 reply threads
  • Author
    Posts
    • October 4, 2019 at 12:48 pm #35191
      Telegram SmartBoT
      Moderator
      • Topic 5959
      • Replies 0
      • posts 5959
        @tgsmartbot

        #News(Security) [ via IoTGroup ]

        In a rare feat, French police have hijacked and neutralized a massive cryptocurrency mining botnet controlling close to a million infected computers.
        The notorious Retadup malware infects computers and starts mining cryptocurrency by sapping power from a computer’s processor.
        Although the malware was used to generate money, the malware operators easily could have run other malicious code, like spyware or ransomware.
        The security firm got involved after it discovered a design flaw in the malware’s command and control server.
        That flaw, if properly exploited, would have “allowed us to remove the malware from its victims’ computers” without pushing any code to victims’ computers, the researchers said.
        Because most of the malware’s infrastructure was located in France, Avast contacted French police.
        After receiving the go-ahead from prosecutors in July, the police went ahead with the operation to take control of the server and disinfect affected computers.
        The operation worked by secretly obtaining a snapshot of the malware’s command and control server with cooperation from its web host.
        The researchers said they had to work carefully as to not be noticed by the malware operators, fearing the malware operators could retaliate.
        “The malware authors were mostly distributing cryptocurrency miners, making for a very good passive income,” the security company said.
        “But if they realized that we were about to take down Retadup in its entirety, they might’ve pushed ransomware to hundreds of thousands of computers while trying to milk their malware for some last profits.”
        With a copy of the malicious command and control server in hand, the researchers built their own replica, which disinfected victim computers instead of causing infections.
        “[The police] replaced the malicious [command and control] server with a prepared disinfection server that made connected instances of Retadup self-destruct,” said Avast in a blog post.

        Read More..
        AutoTextExtraction by Working BoT using SmartNews 1.0299999999 Build 26 Aug 2019

    • Author
      Posts
    Viewing 0 reply threads
    • You must be logged in to reply to this topic.