NgrBot is a modified IrcBot. It can join different Internet Relay Chat (IRC) channels and perform various attacks according to IRC-based commands from the command-and-control (C&C) server. Recently, our botnet monitoring system captured an NgrBot variant with hardcoded version (Figure 1. Hardcoded version). This new version of the bot carries new features that are much more harmful than before, including the ability to destroy data on the user's hard drive. Wiping The Hard Drive: This new version of... [Read More]
by He Xu  |  Jul 10, 2014  |  Filed in: Security Research
Neurevt DDoS attacks are endless. Our Fortinet botnet monitoring system found more DDoS attacks launched by Neurevt. UDP Attack: About two weeks ago (April 18), Neurevt began to perform new DDoS attacks on a web site that is located in the British Virgin Islands. The domain has the suffix .ru, which means it belongs to Russia. The only attack method is UDP, and the target port is 80, which is the default for web browsing. This web site is an online forum on finance and investing. HTTP GET Attacks: Two days later (April 20), the Neurevt command-and... [Read More]
by He Xu  |  Apr 30, 2014  |  Filed in: Security Research
Update: Neurevt launched another aggressive DDoS attack against another organization in Turkey at around 11:30 PM PST Sunday night (Apr 13). The bot also used the four methods discussed in this blog post. Our Fortinet botnet monitoring system found another new DDoS attack launched by Neurevt (a.k.a. Beta Bot) yesterday. The target this time is only one organization, but it is still one of the three organizations that were mentioned in my last blog post. The targeted IP address is not the same as before but still belongs to one of the data... [Read More]
by He Xu  |  Apr 10, 2014  |  Filed in: Security Research
Neurevt, a.k.a. Beta Bot, is an infamous bot that has had our attention since March 2013. This bot carries many efficient modules that meet most of the requirements for cybercrime-related purposes, including the ability to launch distributed denial-of-service (DDoS) attacks according to commands issued by its command-and-control (C&C) server. Neurevt supports several methods of DDoS attacks, such as UDP, TCP, HTTP GET, etc. Recently, one Neurevt variant launched a huge DDoS attack from its network of compromised computers. This attack was... [Read More]
by He Xu  |  Apr 09, 2014  |  Filed in: Security Research
Valentine's Day is just around the corner, and of course the mere thought of chocolate and pink hearts brings butterflies to our stomachs. But butterflies aside, there are other things that flutter through your inbox, and their intentions are not always friendly. I am talking about STIs, yes, Socially Transmitted Infections. The internet is full of botnets, worms, and trojans, all bent on turning those butterflies into panic. Koobface: A Worm to Die For. Among the biggest offenders in STI history is the Koobface worm. First discovered back... [Read More]
by Michael Perna  |  Feb 12, 2014  |  Filed in: Industry Trends
This article originally appeared in Virus Bulletin. Neurevt (also known as Beta Bot) is an HTTP bot [1] which entered the underground market around March 2013 and which is priced relatively cheaply [2]. Though still in its testing phase, the bot already has a lot of functionality along with an extendable and flexible infrastructure. Upon installation, the bot injects itself into almost all user processes to take over the whole system. Moreover, it utilizes a mechanism... [Read More]
by Zhongchun Huo  |  Jan 29, 2014  |  Filed in: Security Research