The Europol and security giants dismantled the Ramnit botnet

The Ramnit botnet has been shut down in a joint effort by Europol and the security firms Symantec, Microsoft, and Anubis Networks.

Another success for Europol and its allies Microsoft, Symantec, and Anubis Networks: in a joint effort, the organizations have shut down command and control servers of the popular Ramnit botnet. The Joint Cybercrime Action Taskforce (J-CAT) and CERT-EU also provided significant support to the operation.

“On 24 February, Europol’s European Cybercrime Centre (EC3) coordinated a joint international operation from its operational centre in The Hague, which targeted the Ramnit botnet that had infected 3.2 million computers all around the world,” states the official announcement issued by Europol.

According to cyber security experts, Ramnit is one of the world’s biggest botnets, having infected up to 3.2 million machines worldwide.

The group behind the Ramnit botnet appears to have been active since 2010, and the malware evolved quickly over time thanks to continuous improvement. A botnet can be used for several fraudulent activities; Ramnit was mainly used by crooks for financial fraud.

Law enforcement agencies from several European countries, including Germany, Italy, the Netherlands, and the UK, have seized the control infrastructure of the Ramnit botnet.

“Representatives from the various countries, Microsoft, Symantec and AnubisNetworks worked together with Europol officials to shut down command and control servers and to redirect 300 Internet domain addresses used by the botnet’s operators,” reported Europol.

Europol’s Deputy Director Operations, Wil van Gemert, expressed his satisfaction with the operation, highlighting the importance of collaboration between several entities in fighting the criminal ring operating the Ramnit botnet.

“This successful operation shows the importance of international law enforcement working together with private industry in the fight against the global threat of cybercrime,” said Wil van Gemert.

“We will continue our efforts in taking down botnets and disrupting the core infrastructures used by criminals to conduct a variety of cybercrimes,” 

Symantec published a blog post describing the evolution of the Ramnit agent since 2010. The experts revealed that the malicious code and its controllers evolved rapidly over time.

The latest variant of Ramnit (W32.Ramnit.B) has abandoned the file infection routine and implemented a range of alternative infection methods.

“Ramnit (W32.Ramnit) began life as a worm, first appearing in 2010 and spreading quickly due to aggressive self-propagation tactics. Once it compromised a computer it sought out all EXE, DLL, HTM, and HTML files on the local hard disk and any removable drives and attempted to infect them with copies of itself,” reported Symantec.

Symantec explained that the Ramnit malware is composed of six standard modules: “Spy module,” “Cookie grabber,” “Driver scanner,” “Anonymous FTP server,” “VNC module,” and “FTP grabber.”

Microsoft and Symantec have released a removal tool for Ramnit; users who fear their computer may have been infected can download the software. For further information please visit www.getsafeonline.org or www.cyberstreetwise.com.

Pierluigi Paganini

(Security Affairs – cybercrime, Ramnit botnet)
