Tag Archives: Joe Stewart

Report: No ‘Eternal Blue’ Exploit Found in Baltimore City Ransomware

June 3, 2019

For almost the past month, key computer systems serving the government of Baltimore, Md. have been held hostage by a ransomware strain known as “Robbinhood.” Media publications have cited sources saying the Robbinhood version that hit Baltimore city computers was powered by “Eternal Blue,” a hacking tool developed by the U.S. National Security Agency (NSA) and leaked online in 2017. But new analysis suggests that while Eternal Blue could have been used to spread the infection, the Robbinhood malware itself contains no traces of it.

Chinese Hackers Blamed for Intrusion at Energy Industry Giant Telvent

September 26, 2012

28 Comments

A company whose software and services are used to remotely administer and monitor large sections of the energy industry began warning customers last week that it is investigating a sophisticated hacker attack spanning its operations in the United States, Canada and Spain. Experts say digital fingerprints left behind by attackers point to a Chinese hacking group tied to repeated cyber-espionage campaigns against key Western interests.

Malware Dragnet Snags Millions of Infected PCs

September 19, 2012

23 Comments

Last week, Microsoft Corp. made headlines when it scored an unconventional if not unprecedented legal victory: Convincing a U.S. court to let it seize control of a Chinese Internet service provider’s network as part of a crackdown on piracy.

I caught up with Microsoft’s chief legal strategist shortly after that order was executed, in a bid to better understand what they were seeing after seizing control over more than 70,000 domains that were closely associated with distributing hundreds of strains of malware. Microsoft said that within hours of the takeover order being granted, it saw more than 35 million unique Internet addresses phoning home those 70,000 malicious domains.

Microsoft Disrupts ‘Nitol’ Botnet in Piracy Sweep

September 13, 2012

12 Comments

Microsoft said Thursday that it convinced a U.S. federal court to grant it control over a botnet believed to be closely linked to counterfeit versions Windows that were sold in various computer stores across China. The legal victory also highlights a Chinese Internet service that experts say has long been associated with targeted, espionage attacks against U.S. and European corporations.

Tagging and Tracking Espionage Botnets

July 30, 2012

14 Comments

A security researcher who’s spent the last 18 months cataloging and tracking malware that was developed and deployed online specifically for spying on governments, activists and industry executives says the complexity and scope of these cyberespionage malware networks now rivals many large conventional cybercrime operations.

Joe Stewart, senior director of malware research at Atlanta-based Dell SecureWorks, said he’s logged over 200 unique families of custom malware used in cyber-espionage campaigns, and some 1,000 domain names registered by cyberspies for using in hosting networks used to control the malware, or for use in “spear phishing,” highly targeted emails that spread the malware.

Who’s Behind the World’s Largest Spam Botnet?

February 1, 2012

14 Comments

A Wikileaks-style war of attrition between two competing rogue Internet pharmacy gangs has exposed some of the biggest spammers on the planet. The latest casualties? Several individuals likely responsible for running Grum, currently the world’s most active spam botnet.

Pharma Wars: Mr. Srizbi vs. Mr. Cutwail

January 5, 2012

26 Comments

The last post in this series introduced the world to “Google,” an alias chosen by the hacker in charge of Cutwail — currently the world’s largest spam botnet. Google rented his crime machine to members of SpamIt, an organization that paid spammers to promote rogue Internet pharmacy sites. This made Google a top dog, but also a primary target of other botmasters selling software to SpamIt, particularly the hacker known as “SPM,” the guy behind the infamous Srizbi botnet.

DDoS Attack on KrebsOnSecurity.com

November 21, 2011

32 Comments

Last week, not long after I published the latest installment in my Pharma Wars series, KrebsOnSecurity.com was the target of a sustained distributed denial-of-service (DDoS) attack that caused the site to be unavailable for some readers between Nov. 17 and 18. What follows are some details about that attack, and how it compares to previous intimidation attempts.

The DDoS was caused by incessant, garbage requests from more than 20,000+ PCs around the globe infected with malware that allows criminals to control them remotely for nefarious purposes. If you’ve noticed that a few of the features on this site haven’t worked as usual these past few days, now you know why. Thanks for your patience.

$72M Scareware Ring Used Conficker Worm

June 23, 2011

14 Comments

Authorities seized computers and servers in the United States and seven other countries this week as part of an ongoing investigation of a hacking gang that stole $72 million by tricking people into buying fake anti-virus products. Police in Ukraine said the thieves fleeced unsuspecting consumers with the help of the infamous Conficker worm, although it remains unclear how big a role the fast-spreading worm played in this crime.

Rustock Botnet Flatlined, Spam Volumes Plummet

March 16, 2011

48 Comments

The global volume of junk e-mail sent worldwide took a massive nosedive today following what appears to be a coordinated takedown of the Rustock botnet, one of the world’s most active spam-generating machines.

For years, Rustock has been the most prolific purveyor of spam — mainly junk messages touting online pharmacies and male enhancement pills. But late Wednesday morning Eastern Time, dozens of Internet servers used to coordinate these spam campaigns ceased operating, apparently almost simultaneously.