April 21, 2009 9:00 PM PDT

Finjan finds botnet of 1.9 million infected computers

by Elinor Mills

SAN FRANCISCO--Security firm Finjan has uncovered what it says is one of the largest bot networks controlled by a single cybergang, with 1.9 million infected zombie computers.

The botnet has been in use since February, is hosted in the Ukraine, and is controlled by a gang of six people who are instructing the Windows XP-based machines to copy files, record keystrokes, send spam, and take screenshots, Ophir Shalitin, Finjan marketing director, said in an interview on the eve of the RSA security conference.

The gang has compromised computers in 77 government-owned domains in the U.S. and elsewhere, he said. Nearly half of the infected computers were in the United States. Nearly 80 percent of the infected computers are running Internet Explorer, while 15 percent are using Firefox, Finjan said.

The criminals operating the botnet can make as much as $190,000 in one day renting out the zombies to others, according to Finjan Chief Technology Officer Yuval Ben-Itzhak.

The command-and-control server being used to control the infected PCs is instructing the bots to download and execute a Trojan horse, which is detected by only 4 out of 39 antivirus products, said Shalitin.

The Trojan installs malicious executables that communicate with other computers, inject code into processes, visit Web sites, and other activities the user has no involvement with, according to a post on the Finjan Malicious Code Research Center blog.

"Overall, the cybergang can remotely execute anything it likes on the infected computers," the post says.

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press.
by Sam Papelbon April 21, 2009 9:08 PM PDT
if only we could authorize snipers in cases such as this
Reply to this comment
by April 21, 2009 10:28 PM PDT
What is being done about this?
Reply to this comment
by Mark_Anderson April 22, 2009 4:44 AM PDT
They've been identified, the owners noted and closed down.

Since the malware came from browser vulnerabilities they're user activated. I'm going to bet that the organisations responsible hadn't updated their patches either.
by globalist_agenda April 21, 2009 11:38 PM PDT
It's a Cyber Pandemic. All this talk about how we must be prepared for a global pandemic and yet we have one already. And why in hell aren't Microsoft operating systems classified as a national security risk? You would think that having banking, commerce, manufacturing, the national power grid, and defense industries at risk would be a national emergency.
Reply to this comment
by lkrupp April 22, 2009 4:44 AM PDT
Actually the users of these compromised machines should be classified as national security risks. It's almost a certainty that Microsoft has already issued patches for the vulnerabilities used to create this botnet. It's all the stupid users out there who never patch their machines, don't run AV software, and don't have firewalls turned on that are the culprits. And I say this as an Apple fanboy defending Windows.
by Mark_Anderson April 22, 2009 4:45 AM PDT
Mostly because the vast majority of users and organisations actually patch their systems and run virus sweeps - which is how the BBC caught and dealt with their one. Unfortunately a few stupid and lazy IT departments and users rather let the side down.
by monkeyfun14 April 22, 2009 5:42 AM PDT
And those lazy IT need to be fired promptly and barred from future employment as an IT.
by April 22, 2009 6:50 AM PDT
Back in the day, when we used Commodore 64's and the BBS (Bulletin Board System) was how we communicated before the Internet, we would counter this attack nonsense by "imaging" the attacker's disk drives. In essence, we would counter-attack by placing a hidden program on their system drives with a timer that formatted their drives in a flash without notification.

Is this justified?

Let's see. In Russia, for example, a lot of these "whiz-kid-hackers" are heroes because they stick it to the West (US). Thus, government enforcement in Russia is minimal or non-existent when they steal our money or wreck our tech infrastructure.

Goose or gander?

Just, a thought.
by Random_Walk April 22, 2009 10:33 AM PDT
"Mostly because the vast majority of users and organisations actually patch their systems and run virus sweeps"

ROTFL! No they don't... the vast majority of them are home users, who think that their long-expired trial copies of McAfee or Norton will save them, and wouldn't recognize a Windows update if it bit them in the arse and announced itself as one.
by poundjd April 23, 2009 3:36 AM PDT
If the computers are government owned and operated, then most likely the IT department is not lazy or stupid; they are overworked, under-resourced and told not to apply too many patches because it causes problems.... Some Federal Government IT security organizations are funded at levels that would approach criminality in industry....
by anhtney April 22, 2009 5:58 AM PDT
So which 4 antiviruses know this virus?
Reply to this comment
by anhtney April 22, 2009 5:59 AM PDT
Oh whoopy, didn't see the link!
Reply to this comment
by anhtney April 22, 2009 6:02 AM PDT
2 of those antiviruses are free. lol. This is what we get for being cheap :) :) :) :) :)-------- (: (: (: (: (:
Reply to this comment
by Angmarr April 22, 2009 7:43 AM PDT
http://blog.kiplinger.com/techtracker/2009/04/piercing-apples-security-myth.html
Reply to this comment
by Greg5A April 22, 2009 9:22 AM PDT
My free AdAware software recently detected and removed a "TrojanGhost" on my machine. The current updated versions of Norton and SpySweeper both missed it.
Reply to this comment
by OakRedwoodz April 22, 2009 2:16 PM PDT
Does anyone believe that anti-viral companies want total security?
Reply to this comment
by reddevil10304 April 27, 2009 10:18 PM PDT
Ok,
here is the whole spybot, spyware, virus deal,

Spybots are aimed only to hit the gov domain computers as their data is of most importance,
Let the gov take care of it

Now as far as home PCs are concerned -
This goes in relevance to all spams being sent out, spyware attacks, random sites popping up etc etc etc
I've been a technician with Microsoft's call center here in India,
The dept you people call PC Safety, 1-800-PCSafety

People from the MS tech desk in doubt, my v dash id is v-6prdas

Anyways back to the topic

The thing is that if people stay away from sites that are suspicious then their PCs are perfectly fine,
we guys used to get and still are getting A LOT of people calling in with regards to spyware attacks on the PCs.

So do you really think we techies use stuff from Microsoft.... ha ha, Ba*ls
We use just 3 programs to get those mean viruses and spywares out,

First is SmitFraud,
Second is ComboFix
Third would be Malwarebytes Anti-Malware,

run all three,
applies if you're able to access the internet,
you'll be fine....

Talk about a hard shot of reality eh,

anyways to talk about other things just try and spread the word to any and everybody you know, even if you can to your entire state....

because basically we guys here in India are working way too hard picking up back to back calls for you people and frankly we are getting a little bored of the same things over and over again everyday.....
btw Microsoft pays us ****** money for real,

just kidding lol :D

more info @ reddevil10304@hotmail.com
Reply to this comment