Polish CERT hits Virut botnet
Posted on 21 January 2013.
The Polish Research and Academic Computer Network (NASK), the national registry of the .pl domain and founder of CERT Polska, has announced on Friday that they took over 23 domains that served as C&C servers for the Virut botnet.

The botnet, recently used as a way for Waledac botmasters to recreate their own botnet which has been crippled in previous years by Microsoft, has been dealt a considerable blow.

"The scale of the phenomenon was massive: in 2012 for Poland alone, over 890 thousand unique IP addresses were reported to be infected by Virut," claims CERT Polska. "Since 2006, Virut has been one of the most disturbing threats active on the Internet. In late 2012 Symantec estimated the size of its botnet at 300,000 machines, while Kaspersky reported that Virut was responsible for 5.5% of infections in Q3 2012, making it the fifth most widespread threat of the time."

Among the domains the incident response team took over and sinkholed were also a few .pl domains previously used to host the Virut malware, its C&C IRC servers, and even Zeus and Palevo malware.

The Virut malware has, in the past, been mostly distributed via infected removable media and file sharing. But more recent version are capable of infecting HTML files, injecting an invisible iframe that would download Virut from a remote site, say the researchers.

Computers enslaved in the Virut botnet were used for spamming, DDoS attack, malware propagation, and similar malicious activities.


DMARC: The time is right for email authentication

Posted on 23 January 2015.  |  The DMARC specification has emerged in the last couple years to pull together all the threads of email authentication technology under one roof—to standardize the method in which email is authenticated, and the manner in which reporting and policy enforcement is implemented.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Mon, Jan 26th