Poland's CERT thwarts Virut botnet

Poland's Computer Emergency Response Team (CERT) has launched a takedown effort against the Virut botnet, a network of more than 300,000 infected computers worldwide.

Last Friday, the Poland-based NASK (Research and Academic Computer Network) announced that it took control of more than 23 domain names associated with the botnet, which consisted of nearly 900 infected machines in Poland last year. CERT operates under NASK.

Virut is a virus often used by attackers to spread other malware via a backdoor. Most recently, crooks used Virut to spread the Waledac worm, malware targeting users of Windows systems that sends spam from infected machines.  

The virus also distributed banking malware Zeus, according to NASK, which dubbed Virut “one of the most disturbing threats active on the internet” since 2006. 

“Interestingly, Virut's main distribution vector is executable file infection, and most users would get infected by using removable media or sharing files over networks,” said the message from NASK. “However, more recent versions of the malware have been capable of infecting HTML files, injecting an invisible IFRAME that would download Virut from a remote site.”

VirusTotal, a subsidiary company of Google that offers a free malware detection online service, and Spamhaus, a Geneva, Switzerland-based international nonprofit that provides real-time spam protection for networks, also aided in the NASK's actions to thwart the Virut botnet.