FBI seizes domain behind major Russian botnet

Mariella Moon, @mariella_moon

May 24, 2018
FBI seizes domain behind major Russian botnet | DeviceDaily.com

The FBI has seized a domain linked to what’s believed to be a Russian botnet composed of 500,000 infected routers around the world. According to the Department of Justice, the botnet (that is, a network of devices infected with malware) is under the control of the Russian hacking group known as “Fancy Bear” or “Sofacy.” Authorities believe the group was also behind the Democratic National Committee breach during the 2016 presidential election. Sofacy reportedly uses malware called “VPNFilter” to exploit vulnerabilities in home-office routers manufactured by Linksys, MikroTik, NETGEAR, TP-Link and QNAP.

The Daily Beast says that once the malware has infected a router, it reports back to a command infrastructure: either a set of photos the hacking group uploaded to Photobucket or the URL ToKnowAll[.]com. That infrastructure then installs plug-ins that can steal log-in credentials or use compromised devices to attack industrial control networks such as the power grid’s. Photobucket has already deleted those photos, and now authorities have seized the ToKnowAll[.]com domain to prevent the malware from being able to do anything harmful.

Based on the data the FBI gathered, the malware has to reconnect to that infrastructure after every router reboot, so taking control of the ToKnowAll[.]com domain means being able to disrupt the botnet in a big way. The FBI will now be able to see the IP addresses of devices that are infected with the malware. Symantec technical director Vikram Thakur explained to The Daily Beast: “One of the things they can do is keep track of who is currently infected and who is the victim now and pass that information to the local ISPs. Some of the ISPs have the ability to remotely restart the router. The others might even send out letters to the home users urging them to restart their devices.”
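The paragraph above describes why a seized (sinkholed) command domain is useful to defenders: every infected router that reboots re-contacts it, so the connection logs become a list of victims that can be handed to ISPs. The script below is an added example of that triage step, not code from the article, the FBI or any vendor. It assumes a simple constructed log format (`timestamp source-IP host`), a constructed prefix-to-ISP table and RFC 5737 documentation addresses; a real notification workflow would map prefixes to ISPs through RIR/WHOIS data instead.

```python
"""
Triage of sinkhole connection logs for a seized malware domain.

Added example (not the article's or any agency's code). Everything below is
constructed: the log format, the prefix-to-ISP table and the IP addresses.
Devices infected with the malware described above re-contact the domain after
each reboot, so each log line is one check-in from a still-infected device.
"""
from collections import defaultdict
from datetime import datetime
import ipaddress

# Constructed sample log lines: "<ISO timestamp> <source IP> <Host header>".
# 192.0.2.45 asked for an unrelated host and must be ignored.
SAMPLE_LOG = """\
2018-05-24T02:11:09Z 198.51.100.17 toknowall.com
2018-05-24T02:11:10Z 198.51.100.17 toknowall.com
2018-05-24T02:15:42Z 203.0.113.8 toknowall.com
2018-05-24T03:01:00Z 192.0.2.45 example.net
2018-05-24T06:30:12Z 198.51.100.17 toknowall.com
2018-05-24T07:02:51Z 203.0.113.200 toknowall.com
"""

# The domain named in the article; the sinkhole only records this host.
SINKHOLED_DOMAIN = "toknowall.com"

# Constructed prefix-to-ISP table. Overlapping prefixes are deliberate:
# the more specific /25 must win over the /24 (longest-prefix match).
ISP_PREFIXES = {
    ipaddress.ip_network("198.51.100.0/24"): "ISP-A (constructed)",
    ipaddress.ip_network("203.0.113.0/25"): "ISP-B (constructed)",
    ipaddress.ip_network("203.0.113.0/24"): "ISP-C (constructed)",
}


def parse_line(line):
    """Split one log line into (datetime, source IP string, lower-cased host)."""
    ts, ip, host = line.split()
    # Validate the address so malformed lines fail loudly instead of silently.
    ipaddress.ip_address(ip)
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, host.lower()


def lookup_isp(ip_str):
    """Return the ISP owning the most specific prefix that contains ip_str."""
    ip = ipaddress.ip_address(ip_str)
    best_net, best_isp = None, "unknown"
    for net, isp in ISP_PREFIXES.items():
        if ip in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_isp = net, isp
    return best_isp


def summarize_checkins(log_text, domain=SINKHOLED_DOMAIN):
    """Collapse check-ins to one record per infected IP.

    Returns {ip: {"first_seen", "last_seen", "checkins"}}; lines for other
    hosts are discarded.  A high check-in count means the device keeps
    rebooting into the same infection, i.e. it has not been cleaned.
    """
    per_ip = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, ip, host = parse_line(line)
        if host != domain:
            continue
        rec = per_ip.setdefault(ip, {"first_seen": ts, "last_seen": ts, "checkins": 0})
        rec["checkins"] += 1
        rec["first_seen"] = min(rec["first_seen"], ts)
        rec["last_seen"] = max(rec["last_seen"], ts)
    return per_ip


def group_by_isp(per_ip):
    """Bucket infected IPs by ISP so each operator can be notified once.

    Returns {isp: [(ip, checkins, last_seen_iso), ...]} sorted by IP string.
    """
    groups = defaultdict(list)
    for ip, rec in per_ip.items():
        groups[lookup_isp(ip)].append((ip, rec["checkins"], rec["last_seen"].isoformat()))
    for entries in groups.values():
        entries.sort()
    return dict(groups)


if __name__ == "__main__":
    for isp, entries in group_by_isp(summarize_checkins(SAMPLE_LOG)).items():
        print(isp)
        for ip, count, last in entries:
            print(f"  {ip:<16} check-ins={count}  last seen {last}")
```

The per-IP summary rather than the raw log is what an ISP needs: one line per customer address with a last-seen time, so a reboot notice or letter can be sent once and a later drop in check-ins from that address confirms the device was cleaned.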

Since the malware is known to be present in 54 countries, including the United States, router makers are now encouraging users to reboot their devices and to install the latest firmware to patch the vulnerabilities.

Engadget RSS Feed