Microsoft Destroys Bitcoin Mining Botnet Sefnit

Microsoft has gone on the offensive against the 'Sefnit' botnet and it has remotely removed Sefnit from many computers. But, contrary to our original report, it left the Tor clients behind. Sefnit is a curious form of Tor-based malware that managed to infect millions of computers and turn them into zombies for click fraud and bitcoin mining. It was first detected last summer, after the Tor Project noticed a 600% increase in Tor use. The spike coincided with the highly publicised revelations about NSA's snooping programmes, namely Prism. However, privacy concerns and paranoia had nothing to do....


Related News

Facebook Breaks Up Cryptocurrency Mining Botnet 'Lecpetex'

Facebook has successfully dismantled a major bitcoin botnet operated by a small team of cyber criminals based in Greece. The Lecpetex botnet managed to infect 250,000 computers. At its peak it compromised as many as 50,000 Facebook accounts. Lecpetex propagated through the social media platform using spam messages with malicious code inserted into zipped attachments. Each zip archive contained an embedded Java file that would download and install a litecoin miner. It would also steal cookies and gain access to the victim's friend list, using it to send out even more spam. However, mining....

Alarming growth of difficult-to-detect ‘Lemon Duck’ crypto mining botnet

A crypto mining botnet called Lemon Duck is spreading through Windows 10 computers, infecting users through fake Covid-19 emails. Since the end of August, cybersecurity researchers have identified increased activity on a crypto mining botnet called “Lemon Duck”. The botnet has been around since December 2018, however a big jump in activity over the past six weeks suggests that the malware has infiltrated many more machines in order to harness their resources to mine the cryptocurrency Monero. Research carried out by Cisco's Talos Intelligence Group suggests that Lemon Duck infections are....

Why ZeroAccess botnet stopped bitcoin mining

There have been several reports this week detailing how security firm Symantec took down a large portion of a bitcoin mining botnet called ZeroAccess. What few, if any, mention is that the bitcoin mining part of the botnet hasn't been functional for almost six months, because the developers deliberately killed it. The question is, why? ZeroAccess is a piece of malware that joins an infected computer to a large network of similarly compromised machines. They can then be controlled by a central administrator, commonly called a botherder, who then gets the machines to do his bidding. Most....

Source Code for Mirai Internet of Things Botnet Appears Online

To put this potential into perspective, Mirai is capable of pulling in several hundreds of thousands of bots from IoT devices. Security researchers have come across the source code for the Internet of Things botnet called Mirai. This botnet has been used to launch major DDoS attacks against various websites. Such a powerful tool could be used to shut down nearly any public website in existence today. Now that the source code has been leaked, it becomes a lot easier to render the botnet useless. Connecting millions of devices to the Internet sounds great on paper, but it creates a big....

Necurs Botnet Resurfaces With Updated Locky and Dridex Versions

Locky remains one of the biggest ransomware threats to this very date. Now that the Necurs botnet is back, it looks like a new version of Locky Bitcoin ransomware is available as well. A new spam campaign is underway to infect as many computers as possible. Roughly three weeks ago, the Necurs botnet suddenly went offline, leaving security researchers puzzled as to what happened to it. This reprieve was rather short-lived, however, as the botnet returned in full force a few days ago. Moreover, it is spreading an improved version of both Locky ransomware and the Dridex banking trojan. Necurs....