Andromeda Gone – One of the world’s largest botnets, consisting of around 2 million machines, has been taken down by law enforcement and the private sector. The takedown of the botnet, also known as Gamarue or Wauchos, took place on Wednesday 29 November and involved the Federal Bureau of Investigation (FBI), the Luneburg Central Criminal Investigation Inspectorate in Germany, Europol’s European Cybercrime Centre (EC3), the Joint Cybercrime Action Task Force (J-CAT), Eurojust, Shadowserver Foundation, Microsoft, ESET, Registrar of Last Resort, Internet Corporation for Assigned Names and Numbers (ICANN) and associated domain registries, Fraunhofer Institute for Communication, Information Processing and Ergonomics (FKIE), and the German Federal Office for Information Security (BSI). The botnet delivered millions of emails filled mainly with the eponymous malware, but it also carried nearly 80 different malware families over the last six months. During the investigation, Andromeda’s suspected creator was arrested in Belarus, and seven main command-and-control (C&C) servers that were used to manage the botnet were seized, along with 1,500 domain names that would have been used to host these servers for short periods of time. Investigators kept the botnet alive for a further 48 hours after seizing it to gauge its extent, and found that Andromeda-infected users were in 223 countries and that over two million infected bots tried to connect to the seven C&C servers during that time. Although by no means small, Andromeda still had a way to go to compete with the world’s largest botnet, Necurs, which has an estimated 5-6 million bots per month.
Watch Out for PayPal Scam – With the festive decorations going up and the holiday season in full swing, people are flocking online to buy Christmas presents for friends and family. However, as always, fraudsters and attackers look to exploit people during this time, and the latest attempt is a fraudulent PayPal scam. Like previous PayPal phishing attacks, this one makes use of the PayPal logo, with the sender’s address being firstname.lastname@example.org. The email body claims that the victim needs to click a link in order to verify a transaction. Instead of verifying a transaction, the individual is taken to “epauypal.com”, a site made to look like a genuine PayPal site, which tries to collect personal information such as name, date of birth, address, mother’s maiden name, and credit card number. It has a real SSL certificate, making it look like a secure site, with the green padlock and also some security certificates thrown in for good measure. However, if you look closely you can tell the site is fake because certain normal features are missing: there is no link for “help”, no ability to update your account settings, and no notification icons. Best to be extra vigilant this Christmas period, so you don’t fall foul of someone else’s scam.
Man Hacks Jail, Man Goes to Jail – A US man from Michigan is facing up to 10 years in prison and a fine of up to $250K after he hacked into the network of the Washtenaw County Jail and changed the release dates of an incarcerated inmate to get them released earlier. Employing an email spear-phishing and vishing campaign, Konrad Voits managed to convince employees of the jail that he was a member of the jail’s IT department and persuaded them to download malware onto their computers. The malware gave Voits full access to the network, including access to sensitive County records such as the XJail system (the computer program used to monitor and track inmates in the County Jail), search warrant affidavits, internal discipline records, and County employee personal information, the plea agreement reads. The FBI, which was brought in to investigate, says Voits was able to obtain information, including passwords, usernames, emails, and other personal information of over 1,600 County employees. Once Voits had access to this data, investigators said, he accessed the XJail system, searched and accessed the records of several inmates, and modified at least one entry “in an effort to get that inmate released early.” Unfortunately for Voits, the modification was noticed immediately by the jail employees, who called in the FBI and a security company to investigate. Voits pleaded guilty to the charge and now awaits a hearing on April 5, 2018.