Malware Disruptions and More Information

Malware Disruptions and More Information

Malware Disruptions and More Information Malware Disruption Short description (you can Links for more information date also reference the Windows Defender Security Intelligence threat encyclopedia for more details Gamarue November • Also known as Andromeda Microsoft blog: Microsoft teams up with law 2017 • Sold as a crime kit on the enforcement and other partners to disrupt dark web with additional Gamarue (Andromeda) modules that could be added Europol newsroom: Andromeda botnet • Steals user names and dismantled in international operation passwords, disables security protections, and blocks Windows Update • Spreads through USB flash Geekwire: Microsoft releases new details on drives, instant messaging Gamarue malware botnet ad its 'sprawling programs, email, and infrastructure' social networks • Installs other malware types such as backdoor, downloaders, remote access, worm, spam, ransomware, and click fraud – a Gamarue infected system could be infected with dozens of additional different types malware Avalanche November • Used as a delivery 2017 platform to launch and manage mass global Europol newsroom: 'Avalanche' network malware attacks and dismantled in international cyber operation money mule recruiting campaigns Europol infographic: Operation Avalanche • Steals user names and passwords, launches denial of service (DoS) attacks, distributes other malware families, and targeted over 40 major financial institutions • Installs other malware types such as backdoor, downloaders, remote access, worm, spam, and click fraud Barium November • Targets high value Microsoft blog: Detecting threat actors in 2017 organizations holding recent German industrial attacks with sensitive data by Windows Defender ATP gathering extensive information about their employees through Courthouse News: Microsoft asks judge to publicly available take down Barium hackers information and social media, using that information to fashion phishing attacks Strontium August • Also known as Fancy Bear Microsoft blog: Our commitment to our 2016 or APT 28 customers' security • Leveraged Microsoft-like domains for spear ArsTechnica: Microsoft shuts down phishing phishing attacks, enabling sites, accuses Russia of new election meddling the criminals to install a remote access kit that could be used to exfiltrate Bloomberg: Microsoft embraces role as anti- sensitive data. hacking enforcer Wired: How Microsoft tackles Russian hackers - and why it's never enough Dorkbot December • Steals user names and ZDNet: Microsoft, law enforcement disrupt 2015 passwords, disables sprawling Dorkbot botnet security protection, blocks websites related to Threatpost: Microsoft, law enforcement security updates, and collaborate in Dorkbot takedown launches a limited denial of service (DoS) attack • Spreads through USB flash drives, instant messaging programs, and social networks • Installs other malware types such as backdoor, downloaders, remote access, worm, spam, and click fraud Simda April 2015 • The Simda.AT variant first Interpol news: Interpol ccordinates global appeared in 2012 and operation to take down Simda botnet caused significant damage to users through the manipulation of internet traffic and spread of other malware. • Simda’s function has ranged from a simple password stealer to a complex banking trojan Ramnit February • Online banking fraud Microsoft blog: Breaking up a botnet - How 2015 malware that impacted Ramnit was foiled 3.2M unique IPs across 195 countries CRN: Symantec, Microsoft support global • First detected as a worm, Ramnit botnet takedown spread very quickly due to aggressive self- propagation using phishing emails and social networking sites • Evolution to a Trojan, then to an extensive botnet, ramped up by the leaked source code of the Zeus Trojan back in 2011 • Web-injected spy module, or hook-spy module, would monitor web browsing history, inject additional fields into banking websites, and collect bank credentials Caphaw July 2014 • The Caphaw malware Microsoft blog: Microsoft partners with family targeted banks and financial services industry on fight against their customers in Europe cybercrime • It could give a malicious hacker access to and control of your PC • Caphaw targeted several high-profile European banks to steal online banking details • It used social engineering tactics to infect devices with information-stealing components through Facebook, YouTube, Skype, removable drives, and drive-by downloads Bladabindi June 2014 • A pervasive family of Microsoft blog: Microsoft takes on global & Jenxcus malware that put millions cybercrime epidemic in tenth malware (B106) of customers at risk disruption • The social media-savvy cybercriminals promoted eWeek: Microsoft takes down Bladabindi and their wares across the Jenxcus botnets Internet, offering step-by- step instructions to completely control millions of unsuspecting victims’ computers to conduct illicit crimes • Spread through infected removable drives, such as USB flash drives, can also be downloaded by other malware Game June 2014 • The primary purpose of Microsoft blog: Microsoft helps FBI in Over Zeus the malware was to hijack GameOver Zeus botnet cleanup victims online banking sessions for monetary FBI news: GameOver Zeus botnet disrupted: purposes and was also Collaborative effort among international used in conjunction with partners ransomware KrebsonSecurity: 'Operation Tovar' targets 'Gameover' ZeuS botnet, CryptoLocker scourge ZeroAccess December • The primary purpose of Microsoft blog: Microsoft, the FBI, Europol and aka Sirefef 2013 this Trojan horse is to industry partners disrupt the notorious generate money through ZeroAccess botnet pay-per-click fraud • A multi-component family Microsoft blog: ZeroAccess criminials wave of malware that white flag: The impact of partnerships on moderates your internet cybercrime experience by changing search results, generating arsTechnica: pay-per-click advertising https://arstechnica.com/inficrosoft disrupts revenue for its controllers botnet that generated $2.7M per monthfor • It directed users to operatorsormation- potentially dangerous technology/2013/12/microsoft-disrupts- websites that could install botnet-that-generated-2-7m-per-month-for- malware, steal personal operators/ information, or fraudulently charge Reuters: Microsoft leads disruption of largest businesses for online infected global PC network advertisement clicks Citadel June 2013 • Citadel has the ability to Microsoft blog: Microsoft works with financial log an infected machines services industry leaders, law enforcement key strokes stealing and others to disrupt massive financial password and banking cybercrime ring information • Citadel could also perform Department of Justice news: Russian citizen Man-in-the-middle attacks who helped develop the "Citadel" malware prompting infected toolkit is sentenced machines users to give up personal banking Dark Reading: Microsoft, FBI trumpet Citadel information when the botnet takedowns victim visited an otherwise legitimate website through popups and web traffic monitoring Bamital February • Bamital intercepts web Microsoft blog: Microsoft and Symantec take 2013 traffic on an infected down Bamital botnet that hijacks online machine and redirects searches clicks to advertising sites which paid the criminals Microsoft blog: Bamital botnet takedown is for the traffic. successful; cleanup underway • It is often installed via drive-by downloads. KrebsonSecurity: Microsoft, Symantec hijack • It redirects users to sites 'Bamital' botnet they were not intending to visit, taking control away from the user, leaving them vulnerable to other targeted attacks such as identity theft and additional malware infections Nitol September • Trojan virus usually Microsoft blog: Microsoft disrupts the 2012 installed with other emerging Nitol botnet being spread through corrupted software an unsecure supply chain downloaded from peer to peer file shares Microsoft blog: Microsoft reaches settlement • Nitol can use an infected with defendants in Nitol case computer to perform distributed denial of KrebsonSecurity: Microsoft disrupts 'Nitol' service attacks (DDoS) botnet in piracy sweep without the affected machines owner(s) knowledge. Zeus aka March • Keylogging botnet, Microsoft blog: Microsoft and financial Zbot 2012 recording every keystroke, services industry leaders target cybercriminal gaining access to operations from Zeus botnets usernames and passwords to steal victims’ identities, Microsoft blog: Microsoft names defendants in withdraw money from Zeus botnets case; provides new evidence to bank accounts, and make FBI online purchases. • Primarily distributed FBI news: Cyber criminal pleads guilty to through spam and drive- developing and distributing notorious SpyEye by downloads malware Wired: Alleged 'sppyEye' botmaster ends up in America, handcuffs Kelihos September • Communicates with Microsoft blog: Microsoft neutralizes Kelihos 2011 remote servers to botnet, names defendant in case exchange information that is used to execute various Microsoft blog: Microsoft reaches settlement tasks, including sending with Piatti, dotFREE Group in Kelihos case spam email, capturing sensitive information or Microsoft blog: Microsoft names new downloading and defendant in Kelihos case executing arbitrary files. Microsoft blog: Update on Kelihos botnet and new related malware CRN: Microsoft says ex-antivirus maker ran botnet Rustock March • Responsible for sending Microsoft blog: Taking down botnets: 2011 upwards of 30 billion Microsoft and the

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    7 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us