Tag Archive for: takedowns

FBI’s Qakbot operation opens door for more botnet takedowns


The FBI’s recent takedown of the QakBot botnet sent shockwaves throughout the cybersecurity community when it was first announced last week. QakBot had become the malware of choice for dozens of hacking groups and ransomware outfits that used it to set the table for devastating attacks.

Since emerging in 2007 as a tool used to attack banks, the malware evolved into one of the most commonly seen strains in the world, luring an ever-increasing number of machines into its powerful web of compromised devices. Justice Department officials said their access to the botnet’s control panel revealed it was harnessing the power of more than 700,000 machines, including over 200,000 in the U.S. alone.

But almost as interesting as the takedown was the way law enforcement agencies pulled off the disruption.

Senior FBI and Justice Department officials — who called it “the most significant technological and financial operation ever led by the Department of Justice against a botnet” — explained in a briefing that they managed to infiltrate the botnet’s infrastructure and take a range of actions to shut it down.

Using a court order, the law enforcement agencies deployed the botnet’s auto-updating feature against itself to send out a custom application that uninstalled QakBot and disabled the feature on devices in the U.S.

“It’s as if the boss gave the order, ‘leave this workplace and don’t come back,’” said John Hammond, principal security researcher at the cybersecurity intelligence firm Huntress.

Chester Wisniewski, field CTO of applied research at Sophos, said the tactic reminded him of NotPetya, where a software downloader feature was abused by Russian hackers to download malware instead of updates.

“Almost all modern botnets have auto update functionality and if you can gain control of the communications channels you can essentially make them self-destruct,” Wisniewski said. “If we start having success with that though, criminals could start using digital signatures to make this more difficult.”

Other botnets

The FBI and other law enforcement agencies have conducted similar operations in the past to take down botnets.

The FBI’s targeting of the…


Critics of DMCA takedowns flood Copyright Office with thousands of comments

Critics of the Digital Millennium Copyright Act have flooded the U.S. Copyright Office with tens of thousands of comments complaining about a process that often forces websites to kill user-generated content when faced with a copyright complaint.

Before Thursday, the Copyright Office had received only about 80 public comments about potential changes to the DMCA’s notice-and-takedown provisions, with the comment period scheduled to close Monday.

But another 55,000 people had filed comments as of Friday morning after digital rights group Fight for the Future and YouTube channel ChannelAwesome launched a campaign late Thursday to encourage people to complain about “the many ways that the DMCA is abused to censor and take down legitimate content from the Internet, stifling innovation, cultural creation, and freedom of speech.”


Network World Security

Polish CERT acts against Virut malware with domain takedowns

CERT Polska has announced takedown action against web properties associated with a huge botnet known as Virut. Paul Ducklin takes a look at takedowns, and why they are important even if their effectiveness is often short-lived…
Naked Security – Sophos