
Security researchers have uncovered a fast-growing
worldwide botnet of 1.9 million government,
corporate and private computers, it was revealed
today.
The botnet has been in use since February and is hosted in the
Ukraine, according to a report by security firm
Finjan.
They have tied the botnet to a six-member cybergang that was
selling control of batches of 1,000 compromised computers for as
little as £30 to £70.
The cybercriminals were able to
infect end-user computers through legitimate websites with
malware that bypassed 90% of common anti-virus software.
The malware is designed to work in the Windows XP operating
system and takes advantage of security vulnerabilities in a range
of browsers.
Most infections (78%) were through Microsoft's Internet Explorer
browser, followed by Mozilla's Firefox (15%), Opera (3%) and Safari
(3%), the report said.
The malware enabled the cybercriminals to execute almost any
command on targeted machines, including copying files and recording
keystrokes.
The botnet was uncovered when the researchers traced calls from
a Trojan back to its command-and-control centre.
UK government computers were among the compromised computers in
77 government-owned domains, the researchers found.
Finjan alerted US and UK authorities and notified government
departments and businesses whose computers were part of the
botnet.
UK police are liaising with other international agencies
involved in the investigation.
"No other information can be revealed," said detective chief
inspector Charlie McMurdie, who heads the investigative arm of the
Police Central E-Crime Unit (PCeU).
The sophistication of the malware and rapid infection rate
proves cybercriminals are raising the bar and shows how vulnerable
organisations are to this type of attack, said Yuval Ben-Itzhak,
CTO of Finjan.
The fact that the malware bypassed such a high percentage of
anti-virus products shows the need for a multi-layered approach to
defence, he said.
According to Ben-Itzhak,
signature-based detection methods are no longer effective
against rapidly changing malware.
Instead, organisations need to combine web security, data
leakage prevention and URL filtering to strengthen the network
perimeter.
It is easier to control what comes in and out of the corporate
network than to patch every browser add-on, which is usually slow
and difficult to manage, he said.