Poland's CERT thwarts Virut botnet

Share this article:

Poland's Computer Emergency Response Team (CERT) has launched a takedown effort against the Virut botnet, a network of more than 300,000 infected computers worldwide.

Last Friday, the Poland-based NASK (Research and Academic Computer Network) announced that it took control of more than 23 domain names associated with the botnet, which consisted of nearly 900 infected machines in Poland last year. CERT operates under NASK.

Virut is a virus often used by attackers to spread other malware via a backdoor. Most recently, crooks used Virut to spread the Waledac worm, malware targeting users of Windows systems that sends spam from infected machines.  

The virus also distributed banking malware Zeus, according to NASK, which dubbed Virut “one of the most disturbing threats active on the internet” since 2006. 

“Interestingly, Virut's main distribution vector is executable file infection, and most users would get infected by using removable media or sharing files over networks,” said the message from NASK. “However, more recent versions of the malware have been capable of infecting HTML files, injecting an invisible IFRAME that would download Virut from a remote site.”

VirusTotal, a subsidiary company of Google that offers a free malware detection online service, and Spamhaus, a Geneva, Switzerland-based international nonprofit that provides real-time spam protection for networks, also aided in the NASK's actions to thwart the Virut botnet.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

VBA malware on rise, templates make it easier to write code

VBA malware on rise, templates make it easier ...

Researchers at SophosLabs found an uptick in VBA samples in July.

Analysts spot 'Critolock,' ransomware claims to be CryptoLocker

Trend Micro noted several differences between Critolock and CryptoLocker, however.

Citadel used in APT attacks against petrochemical firms

Citadel used in APT attacks against petrochemical firms

In an interesting twist, financial malware Citadel was used to infect firms outside of the finance sector via APT attacks, Trusteer found.