Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Cyber-Gang Targets Sensitive Industries With Flexible Botnet

    By
    Robert Lemos
    -
    October 27, 2013
    Share
    Facebook
    Twitter
    Linkedin

      Cyber-criminals likely based in Russia and the Ukraine have compromised computers at thousands of companies with a malware program known as Mevade, hijacking search traffic and conducting click fraud to turn the compromised systems into cash, security firm Websense stated in an analysis posted online on Oct. 23.

      The attack has hit companies in the United States, the United Kingdom, Canada and India, among others, and has targeted the business services, manufacturing and transportation industries, as well as government agencies. The list of targeted industries is interesting because—while the Mevade malware is focused on generating cash for the operators of the botnet—it could easily be turned into a data-stealing espionage network, Alex Watson, director of research for Websense Labs, told eWEEK.

      “If you look at malware and its capabilities, this group is really going after whatever money they can get,” Watson said. “But if you look at the targets, it’s definitely concerning. It would only take a change in business model to sell access to a number of critical industries.”

      Mevade is not a new malware program. First detected by Microsoft on July 2, 2013, the program is likely a variant of malware called Sefnit, used by a cyber-criminal group since 2011. In late July, the number of computers infected by the program, and the industries infiltrated by the botnet, rose quickly, peaking in late August and early September, according to data from Websense. Since late September, the pace of compromise has gradually slowed, suggesting that the campaign has ended, Watson said.

      The lull is not unusual for criminal activity, he said. In many cases, cyber-criminal groups will stop using a particular binary executable when antivirus firms broadly detect the program and its variants. Infections will slow or stop while the cyber-criminal groups work on creating a version of the program that antivirus software fails to detect, he said.

      The program conducts click fraud, falsifying users’ clicks on Website advertisements to generate fraudulent affiliate fees for the criminal group behind the program.

      Mevade gained notoriety in early September when it was connected to a massive spike in user traffic on the Tor anonymizing network. The number of simultaneous user connections jumped at least sixfold to 3 million, from 5o0,000, because a botnet began routing traffic through the network to anonymize the origin and destination of the communications. Security experts connected Mevade to the spike in traffic and estimated that between 1.5 million and 5 million computers were responsible for the traffic.

      “Using an anonymizing service like Tor, it is nearly impossible to attribute the infected machines back to the servers they came from,” Websense’s Watson said.

      Other industries infected by the Mevade malware include health care, mining, agriculture, communications, education and retail/trade industries, according to Websense. The extensive infrastructure likely means that the attackers are well-financed, the company stated in its analysis.

      Robert Lemos
      Robert Lemos is an award-winning freelance journalist who has covered information security, cybercrime and technology's impact on society for almost two decades. A former research engineer, he's written for Ars Technica, CNET, eWEEK, MIT Technology Review, Threatpost and ZDNet. He won the prestigious Sigma Delta Chi award from the Society of Professional Journalists in 2003 for his coverage of the Blaster worm and its impact, and the SANS Institute's Top Cybersecurity Journalists in 2010 and 2014.

      MOST POPULAR ARTICLES

      Big Data and Analytics

      Alteryx’s Suresh Vittal on the Democratization of...

      James Maguire - May 31, 2022 0
      I spoke with Suresh Vittal, Chief Product Officer at Alteryx, about the industry mega-shift toward making data analytics tools accessible to a company’s complete...
      Read more
      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×