Europol Takes Down Ramnit Botnet That Infected 3.2 Million Computers

It seems like the world has declared war against cyber criminals. In a recent update, we reported that the FBI is offering a $3 Million reward for the arrest of the GameOver Zeus botnet mastermind, and meanwhile British cyber-police have taken down the widely-spread RAMNIT botnet.

The National Crime Agency (NCA), in a joint operation with Europol's European Cybercrime Centre (EC3) and law enforcement agencies from Germany, Italy, the Netherlands, and the United Kingdom, has taken down the Ramnit "botnet", which has infected over 3.2 million computers worldwide, including 33,000 in the UK.

Like GameOver Zeus, RAMNIT is also a 'botnet' - a network of zombie computers which operate under criminal control for malicious purposes like spreading viruses, sending out spam containing malicious links, and carrying out distributed denial of service (DDoS) attacks in order to bring down target websites.

RAMNIT is believed to spread malware via trustworthy-looking links sent through phishing emails or social networking sites, and it mainly targets people running Windows operating systems in order to steal money from victims' bank accounts. Moreover, public FTP servers have also been found distributing the malware.

Once installed, the infected computer comes under the control of the botnet operators. The module inadvertently downloads a virus onto the victim's computer which could be used by operators to access personal or banking information, steal passwords and disable anti-virus protection.

RAMNIT SHUT-DOWN IN AN OPERATION
In a statement on Tuesday, Europol revealed that the successful take-down of the Ramnit botnet involved the help of Microsoft, Symantec and AnubisNetworks. The groups shut down the botnet's command and control infrastructure and redirected traffic from a total of 300 domain addresses used by Ramnit criminal operators.
"This successful operation shows the importance of international law enforcement working together with private industry in the fight against the global threat of cybercrime," said Wil van Gemart, Europol's deputy director of operations. "We will continue our efforts in taking down botnets and disrupting the core infrastructures used by criminals to carry out a variety of cybercrimes."
NASTY FEATURES OF RAMNIT BOTNET
Symantec says that Ramnit has been around for over four years, first originating as a computer worm. According to the anti-virus firm, Ramnit is a "fully-featured cybercrime tool, featuring six standard modules that provide attackers with multiple ways to compromise a victim." The features are:
  • SPY MODULE - This is one of the most powerful Ramnit features, as it monitors the victim's web browsing and detects when they visit online banking sites. It can also inject itself into the victim's browser and manipulate the bank's website in such a way that it appears legitimate, and easily grab the victim's credit card details.
  • COOKIE GRABBER - This steals session cookies from web browsers and sends them back to the Ramnit operators, who can then use the cookies to authenticate themselves on websites and impersonate the victim. This could allow an attacker to hijack online banking sessions.
  • DRIVE SCANNER - This scans the computer's hard drive and steals files from it. The scanner is configured in such a way that it searches for specific folders which contain sensitive information such as victims' passwords.
  • ANONYMOUS FTP SERVER - By connecting to this server, the malware lets attackers remotely access the infected computers and browse the file system. The server can be used to upload, download, or delete files and execute commands.
  • VIRTUAL NETWORK COMPUTING (VNC) MODULE - This feature provides the attackers with another means to gain remote access to the compromised computers.
  • FTP GRABBER - This feature allows the attackers to gather login credentials for a large number of FTP clients.
WHY BOTNETS RE-EMERGE AFTER TAKEDOWNS?
According to the authorities, the Ramnit botnet has been taken down, but is it guaranteed that the botnet will not re-emerge? We have seen the takedown of the GameOver Zeus botnet by the FBI and Europol as well, but what happened in the end? Just after a month, the GameOver Zeus botnet came into operation again with more nasty features.

So, what went wrong? Why are botnet takedowns ineffective? One reason could be that the organisations seize and take down only a small fraction of the command-and-control domains that make up the botnet's critical infrastructure, but leave the majority active. It then takes some months for a botnet operator to recover.

As more and more botnets are taken down by law enforcement, cyber criminals are increasingly using secondary communication methods, such as peer-to-peer or domain generation algorithms (DGA).

One of the main reasons that the botnet re-emerged is that the author of the malware didn't get arrested. No matter how many domains are taken down or how many sinkholes researchers create, if the attackers are not arrested, nobody can stop them from building a new botnet from scratch.

On this, we really appreciate the FBI's step to offer a $3 Million reward for information leading to the direct arrest or conviction of Evgeniy Mikhailovich Bogachev, the alleged author of the GameOver Zeus botnet that was used by cybercriminals to steal more than $100 Million from online bank accounts.