Anti-virus company McAfee has received an award at the Virus Bulletin conference in Prague for its research into a botnet that was shut down in collaboration with the Dutch police. The botnet, known as Beebone, VObfus or AAEH, was a polymorphic botnet.
The malware that made computers part of the botnet had been active since 2009 and spread via infected USB sticks and social engineering. In early April of this year, the botnet was taken offline by the High Tech Crime Team (THTC) of the Dutch police, the FBI, Europol and the security companies Intel Security, Kaspersky Lab and Shadow Server.
To disable the botnet, all domains that the malware used to communicate with infected computers were registered and seized. The investigating authorities then pointed these domains to servers of Internet providers and computer emergency response teams (CERTs) all over the world, a process also known as "sinkholing". Research showed that the malware had infected 12,000 computers.
According to McAfee, cooperation between law enforcement agencies and security companies was essential to taking the botnet offline. The anti-virus company wrote a technical report (pdf) on the malware and the operation of the botnet. For this work, McAfee received the Peter Szor Award last week at the Virus Bulletin conference, an annual prize for the best security research, named after the anti-virus pioneer who died in 2013.
Szor began analysing malware twenty years ago and in 2005 wrote the book "The Art of Computer Virus Research and Defense". He worked for Symantec and F-Secure before he went to work at McAfee in 2011. In 2013 he died unexpectedly. "This kind of research makes everyone safer, as did the research conducted by the late Peter Szor," said Martijn Grooten of Virus Bulletin.