Infected bank computers part of massive botnet, Finjan says

Finjan researchers discovered a botnet of 1.9 million compromised computers at banks, government agencies and other organizations.

Researchers at Finjan said they discovered a massive botnet of 1.9 million infected computers from around the world, including some of the largest U.S. banks.

Finjan discovered the large-scale network of malware-infected computers in February as part of its research into the command-and-control servers operated by cybercriminals, said Ophir Shalitin, director of marketing at the San Jose, California-based security vendor. The command-and-control server for the botnet is hosted in the Ukraine and operated by six cybercriminals, he said.

The botnet, which continues to grow, has infected computers from 77 government domains, including 61 from the U.S., and large corporations, along with large U.S. banks, Shalitin said. Finjan notified law enforcement officials about the compromised systems as well as affected companies and government agencies.

Finjan researchers said the botnet's command-and-control server has a backend management application that makes it easy for attackers to manage the infected machines and order the bots to download additional malware. The malware allows attackers to remotely read emails, copy files, record keystrokes, launch spam attacks and take screen shots.

"They could do almost anything with the infected computer," Shalitin said.

See all our coverage of RSA Conference 2009:

SearchSecurity.com and Information Security magazine editors are in San Francisco to bring you the biggest RSA Conference 2009 news stories, interviews, podcasts, videos and more.
"The nightmare we can imagine here is that some computers inside banks or large organizations can be traded as part of a botnet resource for sale," he added.

Compromised websites, many of them legitimate, were the source of the malware, he said. Of the computers infected, 45% were from the U.S., according to Finjan.

Web-based attacks were the primary source of malware infections in 2008, according to Symantec's Internet Security Threat Report XIV released earlier this month. Most of these attacks are launched against users who visit legitimate websites rigged with malware, the Cupertino, Calif.-based security vendor said.

Last year, 63% of vulnerabilities documented by Symantec affected Web applications. That's up from 59% in 2007.

Shalitin said there are several steps organizations can take to protect themselves, including installing a secure Web gateway (which Finjan sells), and making sure Web vulnerabilities are patched. Researchers tested one of the botnet's Trojans against 39 antivirus products and found that only four detected it, he said.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchSecurity

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

ComputerWeekly

Close