Polish Officials Move To Decapitate Virut Botnet

The Polish computer emergency response team (CERT) is hoping to rip apart a major botnet by wresting control of command and control domains used by attackers to control infected machines.

Virut has been used to pilfer user data, carry out distributed denial of service (DDoS) attacks and send out spam. The botnet was recently seen uploading the Waledac malware to machines, in attackers’ attempts to massively increase spamming powers of infected systems.

The botnet was believed to be 300,000 bots strong. At its height, in mid-2012, it was the fifth most widespread threat, according to Kasperksy.

Virut downed?

CERT Polska sinkholed 23 domain names, a number of which are also associated with running other botnets related to the Zeus malware.

“NASK, the operator of the Polish domain registry, took over 23 of these domains yesterday (Jan 17, 2013) in an effort to protect Internet users from Virut-related threats,” CERT Polska said, in its post on Friday.

“Name servers for those domains were changed to sinkhole.cert.pl, controlled by CERT Polska – an incident response team operated by NASK. NASK’s actions were supported by threat intelligence data from CERT Polska, VirusTotal and Spamhaus.”

Whilst the efforts of Polish officials is unlikely to help catch the crooks and end their campaigns, onlookers believe the takedowns will provide some benefit to the Internet.

“The benefits of a takedown are usually fairly brief, because the crooks, sadly, just move somewhere else, and may even program their malware with an automatic system for finding new C&C servers,” said Sophos’ Paul Ducklin, in a blog post.

“But you have to start somewhere, and every takedown demarcates a part of the internet where the Good Guys have said, ‘No more!’

“If nothing else, this sends a message to the sort of fringe-dwelling ISP that is willing to take dirty money by looking the other way to cyber criminality.”

What do you know about online security? Try our quiz and find out!

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Recent Posts

OpenAI In Talks With California Over For-Profit Shift

OpenAI reportedly begins early talks with California attorney general over complex transition from nonprofit to…

4 hours ago

EU To Assess Apple’s iPad Compliance Plans

European Commission says it will review Apple's iPad compliance with DMA rules as it seeks…

4 hours ago

James Dyson Says ‘Spiteful’ Budget Will Kill Start-Ups

James Dyson delivers most high-profile criticism so far of Labour's first Budget that raises £40bn…

5 hours ago

Nvidia, Meta Ask Supreme Court To Axe Investor Lawsuits

Nvidia, Meta bring cases before US Supreme Court this month seeking tighter limits on investors'…

5 hours ago

Nvidia To Replace Intel On Dow Jones Industrial Average

Nvidia to replace Intel this week on Dow Jones Industrial Average after years of turmoil…

6 hours ago

Toyota-Backed Joby Flies ‘Air Taxi’ In Japan

Joby Aviation and Toyota Motor complete demonstration flight in Shizuoka as companies prepare to bring…

6 hours ago