Poland's CERT thwarts Virut botnet

Share this article:

Poland's Computer Emergency Response Team (CERT) has launched a takedown effort against the Virut botnet, a network of more than 300,000 infected computers worldwide.

Last Friday, the Poland-based NASK (Research and Academic Computer Network) announced that it took control of more than 23 domain names associated with the botnet, which consisted of nearly 900 infected machines in Poland last year. CERT operates under NASK.

Virut is a virus often used by attackers to spread other malware via a backdoor. Most recently, crooks used Virut to spread the Waledac worm, malware targeting users of Windows systems that sends spam from infected machines.  

The virus also distributed banking malware Zeus, according to NASK, which dubbed Virut “one of the most disturbing threats active on the internet” since 2006. 

“Interestingly, Virut's main distribution vector is executable file infection, and most users would get infected by using removable media or sharing files over networks,” said the message from NASK. “However, more recent versions of the malware have been capable of infecting HTML files, injecting an invisible IFRAME that would download Virut from a remote site.”

VirusTotal, a subsidiary company of Google that offers a free malware detection online service, and Spamhaus, a Geneva, Switzerland-based international nonprofit that provides real-time spam protection for networks, also aided in the NASK's actions to thwart the Virut botnet.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Florida Supreme Court rules warrants a must for real-time cell location tracking

Florida Supreme Court rules warrants a must for ...

The Florida Supreme Court put the kibosh on warrantless real-time tracking using location data obtained from cell phone providers.

Modular malware for OS X includes backdoor, keylogger components

Modular malware for OS X includes backdoor, keylogger ...

The modular malware was named "Ventir," by researchers at Kaspersky.

Fake Dropbox login page nabs credentials, is hosted on Dropbox

Fake Dropbox login page nabs credentials, is hosted ...

Symantec researchers received a phishing email linking recipients to a fake Dropbox login page that is hosted on Dropbox's user content domain and served over SSL.