Watching The Drone Watchers

I smell China, or maybe Russia. The fact that the virus keeps resisting efforts to remove it shows that there’s some sophistication involved.

U.S. Military Drones Infected With Mysterious Computer Virus

A fleet of U.S. military drones on a Nevada Air Force base has been infected by a keylogger virus that tracks every key and button their pilots press, Wired.com reported Friday — and top Air Force sources strongly contested.

The virus was first noticed by officials at Creech Air Force Base nearly two weeks ago using the base’s security system. It logged every keystroke of the pilots in the control room on the base as they remotely flew Predator and Reaper drones on missions over Afghanistan and other battle zones.

There has been no confirmation of information being lost or sent to an outside source, but the virus has been resistant to military efforts to clear it from the system.

“We keep wiping it off, and it keeps coming back,” a source told Wired.

See also:
Exclusive: Computer Virus Hits U.S. Drone Fleet
Computers Controlling Military Drones Reportedly Infected with Virus
Computer Virus Attacks U.S. Military Drones: Wired
Keylogger virus hits US drone operations
Combat drones’ computer systems reportedly infected with virus
Computer virus hits US’ Predator drone fleet
US war drones keep flying despite computer virus
America’s Drones Have Been Infected by a Virus
Virus infects Pentagon drones’ computers
U.S. Drone Controllers Said To Be Infected By Computer Virus
US drones hit by virus
U.S. Military Facing a Battle Unlike Any Other
Cyberwar: a Whole New Quagmire – When the Drones Come To Roost
Creech Air Force Base

Theses computers didn’t just infect themselves, they were almost surely infected by someone, either deliberately or unwittingly, connecting a malware infected memory stick or other portable media storage device to the network. This has been a known attack vector for a long time now and it’s easily preventable, simply don’t allow portable media storage devices anywhere near classified computer networks!

/search all personnel coming and going if that’s what it takes, it’s a small price to pay for avoiding potentially catastrophic security breaches like this

Super Bot

This sure looks like a nasty piece of work.

Massive botnet ‘indestructible,’ say researchers

A new and improved botnet that has infected more than four million PCs is “practically indestructible,” security researchers say.

“TDL-4,” the name for both the bot Trojan that infects machines and the ensuing collection of compromised computers, is “the most sophisticated threat today,” said Kaspersky Labs researcher Sergey Golovanov in a detailed analysis Monday.

“[TDL-4] is practically indestructible,” Golovanov said.

. . .

TDL-4 infects the MBR, or master boot record, of the PC with a rootkit — malware that hides by subverting the operating system. The master boot record is the first sector — sector 0 — of the hard drive, where code is stored to bootstrap the operating system after the computer’s BIOS does its start-up checks.

Because TDL-4 installs its rootkit on the MBR, it is invisible to both the operating system and more, importantly, security software designed to sniff out malicious code.

But that’s not TDL-4’s secret weapon.

What makes the botnet indestructible is the combination of its advanced encryption and the use of a public peer-to-peer (P2P) network for the instructions issued to the malware by command-and-control (C&C) servers.

See also:
TDL4 – Top Bot
Sophisticated TDL-4 Botnet Has 4.5 Million Infected Zombies
‘Indestructible’ rootkit enslaves 4.5m PCs in 3 months
TDL-4 creates 4.5 million PC ‘indestructible’ botnet
Security Researchers Discover the Mother of All Botnets
TDL-4: The ‘indestructible’ botnet?
There’s a Botnet Called TDL-4 That’s Virtually Indestructable
‘Indestructible’ Botnet Enslaves 4.5 Million PCs
‘Indestructible’ Zombie PC Botnet Borrows Exploit From Israeli, U.S. Cyberweapon
Have cybercriminals created the perfect botnet — undetectable and indestructible?

If you ever needed a reason and reminder to keep your operating system, anti-virus, and anti-spywware software patched and up to date, this would be a good one.

/remember, if you’re not part of the solution, you’re potentially part of the problem

Rustock Reigned In

Chalk up a big win for the white hats in the ongoing cyberwar against the evil spammers.

Good guys take down notorious Rustock spamming botnet

Rustock, one of the largest and most notorious spam botnets, suddenly fell silent Wednesday and has remained off line.

The takedown of Rustock’s 26 command-and-control servers appears to be the result of a coordinated effort by longstanding anti-spamming groups, the most prominent of which is Spamhaus.org, according to cybersecurity blogger Brian Krebs, who broke the story.

Rustock’s control servers directed the activities of hundreds of thousands of infected PCs in homes and businesses, used primarily to deliver e-mail and social network messaging spam. Rustock is infamous for spreading ads for drugs from unlicensed online pharmacies.

Details of how the takedown was achieved are unclear; Rustock’s control servers were renowned for being nigh impregnable.

Rustock has been around for at least three years, and late last year had doubled its spam output over the previous year; in 2010, Rustock sent out more than 44 billion spam emails per day, accounting for as much as 48% of all spam, and had more than one million bots under its control, according to MessageLabs, Symantec’ messaging security division.

See also:
Rustock Botnet Flatlined with No Spam Activity
Notorious Spamming Botnet, Rustock, Takes a Fall
Rustock botnet’s operations disrupted
Major spam network silenced mid-campaign
Rustock botnet goes quiet again
The World’s Largest Spambot Network Goes Quiet
Prolific Spam Network Is Unplugged
Prolific Spam Network Is Unplugged
Rustock Botnet is Down, But Maybe Not Out
Rustock botnet

It still amazes me how the botnet spammers find hundreds of thousands of computers to infect. If everyone would just keep their software patches up to date, botnets wouldn’t be a problem in the first place. It’s like leaving the front door to your house wide open with a sign that says “burglars welcome”.

/one of the biggest upshots of the Rustock takedown is that if you want to buy Viagra or other erectile dysfunction drugs in the future, you’re going to have to go see your doctor, because the spam offers will hopefully no longer flood your email inbox

We’re Number One, We’re Number One!

This is why it’s important to keep your computer security up to date.

US Ranks First for Bot-Infected Computers and Spam Output

According to data gathered by Microsoft’s Malicious Software Removal Tool (MSRT), the United States had the highest number of computers infected with botnet malware, during the first half of 2010.

Botnet are armies of infected computers, which connect to remote command and control (C&C) servers and listen to instructions from attackers.

Botnets can serve a variety of criminal activities, but the largest ones are primarily used to send spam.

According to a recent report from Symantec, during the first half of the year, 90% of the daily spam traffic was generated by five to six million compromised computers.

In the latest edition of its Security Intelligence Report (SIR), Microsoft reveals that during Q2, MSRT has cleaned 2,148,169 bot infections from US computers.

That’s four times more than in the second country on the list, Brazil, with 511,002. Spain (485,603), Korea (422,663) and Mexico (364,554) complete the top five.

“Unsurprisingly, the list is dominated by populous locations with large numbers of computer users, led by the United States and Brazil,” says Microsoft.

However, there are at least two regions with large numbers of computers that do not dominate the list – China, which finished 8th, and Russia, 9th.

See also:
Featured Intelligence – Battling Botnets
USA Is Still #1 In Botnets
United States Ranked Number One for Relaying Spam, Sophos Reports
Report: United States is world’s top spammer
US Has Most Botnet-infected PC’s
Microsoft Report: 2 Million US PCs Part of Botnets
Microsoft: Over 2 million U.S. PCs caught in botnets
Millions Of US Computers Completely Pwned By Botnets
Microsoft: Your Computer Could be One of 2.2 Million Infected Botnet PCs
Microsoft: Botnets are the ‘launch pad of cybercrime’

If you’re not sure whether you have an infected computer, run Microsoft’s Malicious Software Removal Tool (MRT). Go to Start/Run and then type in “mrt”.

/if you’re not part of the solution, you’re part of the problem