
Virut is a cybercrime malware botnet, operating at least since 2006, and one of the major botnets and malware distributors on the Internet. In January 2013 its operations were disrupted by the Polish organization Naukowa i Akademicka Sieć Komputerowa.


Characteristics

Virut is a malware botnet that is known to be used for cybercrime activities such as DDoS attacks, spam (in collaboration with the Waledac botnet), fraud, data theft, and pay-per-install activities. It spreads through executable file infection (through infected USB sticks and other media), and more recently, through compromised HTML files (thus infecting vulnerable browsers visiting compromised websites). It has infected computers associated with at least 890,000 IP addresses in Poland. In 2012, Symantec estimated that the botnet had control of over 300,000 computers worldwide, primarily in Egypt, Pakistan and Southeast Asia (including India). A Kaspersky report listed Virut as the fifth-most widespread threat in the third quarter of 2012, responsible for 5.5% of computer infections.


History

The Virut botnet has been active since at least 2006. On 17 January 2013, Naukowa i Akademicka Sieć Komputerowa (NASK), a Polish research and development organization, data networks operator, and the operator of the Polish ".pl" top-level domain registry, took over twenty-three domains used by Virut in an attempt to shut it down. A NASK spokesperson stated that it was the first time NASK had engaged in such an operation (taking over domains), owing to the major threat that the Virut botnet posed to the Internet. It is likely Virut will not be shut down completely, as some of its control servers are located at Russian ".ru" top-level domain name registrars outside the reach of the Polish NASK. Further, the botnet is able to look up alternate backup hosts, enabling the criminals operating it to reestablish control over the network.


See also

* Command and control (malware)
* Zombie (computer science)
* Trojan horse (computing)
* Botnet
* Alureon
* Conficker
* Gameover ZeuS
* ZeroAccess botnet
* Regin (malware)
* Zeus (malware)
* Timeline of computer viruses and worms

