Infected bank computers part of massive botnet, Finjan says

Article

Infected bank computers part of massive botnet, Finjan says

Marcia Savage, Features Editor, Information Security magazine
Researchers at Finjan said they discovered a massive botnet of 1.9 million infected computers from around the world, including some of the largest U.S. banks.

Finjan discovered the large-scale network of malware-infected computers in February as part of its research into the command-and-control servers operated by cybercriminals, said Ophir Shalitin, director of marketing at the San Jose, California-based security vendor. The command-and-control server for the botnet is hosted in the Ukraine and operated by six cybercriminals, he said.

The botnet, which continues to grow, has infected computers from 77 government domains, including 61 from the U.S., and large corporations, along with large U.S. banks, Shalitin said. Finjan notified law enforcement officials about the compromised systems as well as affected companies and government agencies.

Finjan researchers said the botnet's command-and-control server has a backend management application that makes it easy for attackers to manage the infected machines and order the bots to download additional malware. The malware allows attackers to remotely read emails, copy files, record keystrokes, launch spam attacks and take screen shots.

"They could do almost anything with the infected computer," Shalitin said.

    Requires Free Membership to View

    Login

    SearchFinancialSecurity.com members gain immediate and unlimited access to in-depth technical advice, strategies, and expert guides for securing data in high-risk financial environments. Join me on SearchFinancialSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchFinancialSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchFinancialSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

See all our coverage of RSA Conference 2009:

SearchSecurity.com and Information Security magazine editors are in San Francisco to bring you the biggest RSA Conference 2009 news stories, interviews, podcasts, videos and more.
"The nightmare we can imagine here is that some computers inside banks or large organizations can be traded as part of a botnet resource for sale," he added.

Compromised websites, many of them legitimate, were the source of the malware, he said. Of the computers infected, 45% were from the U.S., according to Finjan.

Web-based attacks were the primary source of malware infections in 2008, according to Symantec's Internet Security Threat Report XIV released earlier this month. Most of these attacks are launched against users who visit legitimate websites rigged with malware, the Cupertino, Calif.-based security vendor said.

Last year, 63% of vulnerabilities documented by Symantec affected Web applications. That's up from 59% in 2007.

Shalitin said there are several steps organizations can take to protect themselves, including installing a secure Web gateway (which Finjan sells), and making sure Web vulnerabilities are patched. Researchers tested one of the botnet's Trojans against 39 antivirus products and found that only four detected it, he said.