"Certain media reports claiming that the affected device count has increased from 7,000 to 62,000 since October 2019 are inaccurate." The post Taiwan's QNAP Denies Storage Equipment Infections Are Rising appeared first on Computer Business Review.
The FBI has reminded the world that it wants us to reboot our routers to help it identify VPNFilter-affected devices. It first asked for reboots last Wednesday, May 23, in the Department of Justice VPNFilter media release, but on Friday added a stand-alone public service announcement emphasising its "IT Crowd" strategy. Last week, Cisco Talos researchers announced that the malware had infected around 500,000 home and small office routers and NAS devices. The company listed routers from Linksys, MikroTik, Netgear, and TP-Link, and QNAP storage systems, as targets of VPNFilter. Talos noted that the malware was trying to target machines in Ukraine, and the FBI attributed the attacks to the group known as "Sofacy" or "Fancy Bear". On Thursday, the FBI revealed it had seized a domain associated with the campaign, giving it the chance to divert the malware's traffic into a sinkhole.
FBI Anchorage in Alaska has publicly thanked Qihoo 360, the leading Chinese cybersecurity company providing anti-virus solutions, on Twitter for its role in cracking three local cyber crime cases involving significant DDoS attacks. Defendants in the cases have pleaded guilty to creating the "Mirai" and clickfraud botnets, infecting hundreds of thousands of IoT devices with malicious software, according to the press release on the website of the US Department of Justice. It is unclear how the Chinese cybersecurity firm helped in the case, but the local FBI office tweeted an appreciation note, saying that "FBIAnchorage would like to thank our business partners in this case: 360.CN, AT, Dyn, Paterva, Paypal and ShadowServer." Interestingly enough, meanwhile in China, Qihoo 360 is caught up in a controversy over invasion of privacy. A Chinese woman of the post-90s generation wrote a furious open letter addressed to Zhou Hongyi, CEO and chairman of Qihoo 360, accusing the firm of privacy invasion. She pointed out that Qihoo's live streaming service Shuidi Zhibo (水滴直播) had been broadcasting footage from what should have been surveillance cameras in public spaces such as gyms, restaurants, and internet cafes, while the customers in those places were unaware that they could be watched online.
In response, Microsoft has released emergency security patches to defend against the malware for unsupported versions of Windows, such as XP and Server 2003, as well as modern builds. The malware specifically abuses a bug designated MS17-010, which Redmond patched in March for modern versions of Windows and today for legacy versions; all systems that remain unpatched are therefore vulnerable and can be attacked. The NSA's internal tool for exploiting this bug, codenamed Eternalblue, was stolen from the agency and leaked online in April, putting this US government cyber-weapon into the hands of any willing miscreant. "IP addresses from our sinkhole have been sent to FBI and ShadowServer so affected organisations should get a notification soon," said the researcher. This is based on the Eternalblue tool stolen from the NSA, and was developed by infosec biz RiskSense. Computers were locked in Aintree, Blackpool, Broomfield Hospital in Essex, Colchester General Hospital, all hospital systems in Derbyshire, Great Yarmouth, East and North Hertfordshire, James Paget hospital in Norfolk, Lanarkshire, and Leicester.
There is now one less malicious botnet operating in the wild, which should mean a little less spam for all of us. Kelihos, one of the longest-running, most malicious botnets in the world, has reportedly been taken down by the United States Department of Justice, following the arrest of its alleged operator, Russian programmer Pyotr Levashov. The botnet has been in operation since 2010, helping to deliver spam, steal login information and distribute ransomware, and will now be dismantled as part of a concerted effort by federal operatives and volunteer organizations. Levashov has been under investigation since as early as 2009 for running various botnets, but because there is no extradition treaty between the United States and Russia, where he was suspected to reside, getting hold of him proved difficult. However, when he was found to be flying into Spain, where an extradition treaty does exist, he was picked up by local law enforcement and will likely now be sent to the U.S. to face charges. In a joint investigation with security firm CrowdStrike and The Shadowserver Foundation volunteer group, DOJ officials discovered that the same IP address was used to operate the Kelihos botnet and to access Levashov's personal email account.
The Justice Department announced Monday that it had successfully targeted a man prosecutors called "one of the world's most notorious criminal spammers," a Russian hacker known as Peter Yuryevich Levashov, also known as Peter Severa, or "Peter of the North." Levashov had long run the Kelihos botnet, a global network of infected computers that collectively flooded email inboxes worldwide with spam, stole banking credentials from infected users, and spread malware across the internet. Spanish authorities arrested Levashov, who normally resides in St. Petersburg, Russia, while he was on vacation with his family. Prosecutors described Kelihos as a sophisticated malware variant that harvested user credentials from victim computers and was used to send massive quantities of spam emails. The complaints and court orders associated with the case also laid out details of how Levashov operated his business: a million spam messages promoting "legal" products such as "adult, mortgage, leads, pills, replics [i.e., counterfeit goods], etc." cost just $200, while the price rose to $300 per million messages for "Job spam," that is, messages that attempted to recruit job seekers into fraudulent positions, including "money mules" who would help launder stolen money and goods. As part of the operation, security researchers and the FBI teamed up to dismantle the Kelihos botnet itself, targeting three domains used to run the network (gorodkoff.com, goloduha.info, and combach.com) and redirecting traffic from infected computers to new servers controlled by authorities and the ShadowServer Foundation, a volunteer anti-cybercrime group, a process known in cybersecurity circles as "sink-holing." The arrest of Levashov, and the complex, sophisticated assault on his long-running botnet, marked another victory in the US government's rising war against Russian aggression in cyberspace, coming just weeks after another Justice Department indictment charged both Russian criminals and intelligence officers with conspiring to hack Yahoo's user database.
Federal prosecutors say they've dealt a fatal blow to Kelihos, a network of more than 10,000 infected computers that has been used to deliver spam, steal login passwords, and deliver ransomware and other types of malware since 2010. The US Justice Department announced the takedown on Monday, one day after authorities in Spain reportedly arrested alleged Kelihos operator Pyotr Levashov, according to Reuters. The programmer and alleged botnet kingpin was apprehended after traveling with his family from their home in Russia, which doesn't have an extradition treaty with the US, to Spain, which does have such a treaty. A search warrant application unsealed Monday said prosecutors tied Levashov to Kelihos because he used the same IP address to operate Kelihos and to access his [email protected] e-mail account. The e-mail address and IP addresses were also associated with multiple online accounts in Levashov's name, including Apple iCloud and Google Gmail accounts. On Monday, US officials also unsealed a criminal complaint against Levashov that charged him with wire fraud and unauthorized interception of electronic communications.
The group infected more than 300 computers in 35 countries with information-stealing malware. The infrastructure used by an Iranian cyberespionage group to control infected computers around the world has been hijacked by security researchers. Researchers from Palo Alto Networks came across the group's activities earlier this year, but found evidence that it has been operating since at least 2007. Its main tool is a custom malware program dubbed Infy, which has been repeatedly improved over the years. The researchers worked with domain registrars to seize the domains the attackers used to control Infy-infected computers and to direct the victims' traffic to a sinkhole server, a server the researchers controlled. Control of the server was then transferred to the Shadowserver Foundation, an industry group that tracks botnets and works with ISPs and other parties to notify victims.