Poland's CERT thwarts Virut botnet

Share this article:

Poland's Computer Emergency Response Team (CERT) has launched a takedown effort against the Virut botnet, a network of more than 300,000 infected computers worldwide.

Last Friday, the Poland-based NASK (Research and Academic Computer Network) announced that it took control of more than 23 domain names associated with the botnet, which consisted of nearly 900 infected machines in Poland last year. CERT operates under NASK.

Virut is a virus often used by attackers to spread other malware via a backdoor. Most recently, crooks used Virut to spread the Waledac worm, malware targeting users of Windows systems that sends spam from infected machines.  

The virus also distributed banking malware Zeus, according to NASK, which dubbed Virut “one of the most disturbing threats active on the internet” since 2006. 

“Interestingly, Virut's main distribution vector is executable file infection, and most users would get infected by using removable media or sharing files over networks,” said the message from NASK. “However, more recent versions of the malware have been capable of infecting HTML files, injecting an invisible IFRAME that would download Virut from a remote site.”

VirusTotal, a subsidiary company of Google that offers a free malware detection online service, and Spamhaus, a Geneva, Switzerland-based international nonprofit that provides real-time spam protection for networks, also aided in the NASK's actions to thwart the Virut botnet.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

CryptoWall surpasses CryptoLocker in infection rates

CryptoWall surpasses CryptoLocker in infection rates

A threat analysis from Dell SecureWorks CTU says that CryptoWall has picked up where its famous sibling left off.

Professor says Google search, not hacking, yielded medical info

Professor says Google search, not hacking, yielded medical ...

A professor of ethical hacking at City College San Francisco came forward to clarify that he did not demonstrate hacking a medical center's server in a class.

Syrian Malware Team makes use of enhanced BlackWorm RAT

Syrian Malware Team makes use of enhanced BlackWorm ...

FireEye analyzed the hacking group's use of the malware, dubbed the "Dark Edition" of BlackWorm.