
Massive Botnet Attack: 800 Thousand Bank Transactions Sniffed

Posted Date: October 9, 2014
Read Time: 2 min

A new botnet has been detected. US-based security research firm Proofpoint has published a detailed analysis of a botnet that has infected around 500 thousand computers; credentials for around 800 thousand bank transactions have been sniffed. 75% of the infections have happened in the US.

A full analysis reveals the modus operandi of the attackers. WordPress sites were infected first, either by exploiting vulnerabilities in them or by using stolen admin credentials bought on the underground hacking market. Computers of visitors to these sites were then infected with malware downloaded through browser, Flash, or PDF vulnerabilities. In some cases, legitimate newsletters sent by the WordPress websites were used: the emails sent to users carried the infection.

Care has been taken so that anti-virus software on the victims' computers doesn't detect this malware. A traffic distribution system (TDS) has been used to single out only those visitor computers that might be vulnerable, based on attributes of the HTTP client data such as browser version and operating system, when the browser accesses the WordPress site. This helps the hackers avoid the browsers/computers of security researchers or bots. Once a visitor's computer has been infected with a basic malware dropper, more and varying kinds of malware are deployed on it. These computers are then used to steal banking credentials via a sniffer when they access a banking site. Other monetization techniques are also used, such as setting up an encrypted tunnel on these computers and offering such tunnels in the underground hacking market for use in other hacking activities.
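A site owner can check for the selective serving described above by fetching the same page under several client profiles and comparing which third-party hosts each one is handed. The sketch below is an added example, not code from Proofpoint or Indusface; the profile names, hostnames, and HTML bodies are constructed samples standing in for responses you would capture yourself.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class _SrcCollector(HTMLParser):
    """Collects hostnames referenced by <script src> and <iframe src>."""
    def __init__(self):
        super().__init__()
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "iframe"):
            host = urlparse(dict(attrs).get("src") or "").hostname
            if host:  # relative URLs have no hostname and are skipped
                self.hosts.add(host.lower())

def external_hosts(html):
    """Return the set of hosts a page loads scripts or frames from."""
    collector = _SrcCollector()
    collector.feed(html)
    return collector.hosts

def cloaked_hosts(responses, own_host):
    """responses maps a client-profile name to the HTML served to it.
    Returns {host: [profiles]} for third-party hosts that some profiles
    received and others did not, i.e. content that varies by client."""
    per_profile = {name: external_hosts(body) - {own_host}
                   for name, body in responses.items()}
    findings = {}
    for host in sorted(set().union(*per_profile.values())):
        seen = sorted(n for n, hosts in per_profile.items() if host in hosts)
        if len(seen) < len(per_profile):
            findings[host] = seen
    return findings

# Constructed sample: one URL fetched with three client profiles.
BASE = ('<script src="/wp-includes/js/jquery.js"></script>'
        '<script src="https://cdn.example.net/a.js"></script>')
SAMPLE = {
    "ie8-winxp": BASE + '<iframe src="http://tds.invalid/in.php" '
                        'width="1" height="1"></iframe>',
    "chrome-linux": BASE,
    "crawler": BASE,
}

if __name__ == "__main__":
    for host, profiles in cloaked_hosts(SAMPLE, "blog.example").items():
        print(f"{host}: served only to {', '.join(profiles)}")
```

A host that every profile receives, such as the CDN in the sample, is not reported. Legitimate sites also vary content by client, so each finding needs manual review before it is treated as an injection.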

The scale of the operation is huge. The credentials of many US banks' users have been sniffed/stolen. 2 million unique IPs have been found to be used by this botnet, and the total number of computers affected is 500 thousand. About 52% of the infected computers were running Windows XP, and a large number of infections have come via Internet Explorer.

The botnet and the details of the operation should raise alarms and make us realize the importance of securing our websites and computers. While India doesn't seem to be a target of this botnet, a botnet of this kind can be replicated in India.

To begin with, not many who host WordPress websites ensure that all vulnerabilities are patched and that updates are done regularly. WordPress-hosted sites thus become one of the soft targets for website attacks/infection by hackers. A WAF can help here; a scanner that targets WordPress-based sites can also help.

As for ensuring that your computer does not get infected, there is an urgent need to move away from Windows XP (if not done already), support for which has been discontinued by Microsoft. Software such as PDF readers and Flash needs to be updated constantly. Browsers also have to be updated.

For banks, two-factor authentication is a must. This way, even if banking credentials are stolen, damage cannot be done. For other e-commerce sites too, two-factor authentication is the only solution.

Stay tuned for more relevant and interesting security updates. Follow Indusface on Facebook, Twitter, and LinkedIn.


Venkatesh Sundar

Venky is an Application Security technologist who built the new-age web application scanner and cloud WAF, AppTrana, at Indusface as Founding CTO. Currently, he spends his time driving product roadmap, customer success, growth, and technology adoption for US businesses.
