
Data-stealing 'Mumba' botnet hits 55,000 systems

The network of compromised computers has stolen over 60GB of data, including bank details and credit card numbers, according to security company AVG
Written by Tom Espiner, Contributor

A criminal gang has stolen over 60GB of data using a botnet that has infected around 55,000 computers around the world, according to a report from security company AVG.

The botnet, which AVG has dubbed 'Mumba', has compromised systems in the UK, as well as in the US, Germany and Spain, the company said in a report (PDF link) released on Monday. The stolen credentials found by AVG's researchers include bank account numbers, credit card details and social-networking logins.

"The Mumba botnet — so called because of some funky attributes our researchers found on the server — was created by one of the most sophisticated group of cybercriminals on the internet known as the Avalanche Group," AVG said in a blog post.

The cyber-gang used the botnet to host phishing sites, store collected data and spread data-stealing malware, according to the report. AVG's researchers found that the compromised computers were spreading four different variants of the Zeus data-stealing Trojan.

The Mumba botnet uses a fast-flux infrastructure to minimise the criminals' risk of takedown by law enforcement and other agencies. Fast-flux systems hide command-and-control servers within the body of infected computers by constantly reallocating which machine acts as the server.
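The constant reallocation described above leaves a recognisable trace in DNS logs: one hostname resolving to many addresses, spread over unrelated networks, with short TTLs. The sketch below is an added example, not code from AVG's report or the original article; the thresholds, the /16 grouping (a coarse stand-in for network-operator diversity) and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address
from statistics import median

# Assumed thresholds (illustrative; tune against your own resolver logs).
MIN_DISTINCT_IPS = 5    # distinct A records seen for one name in the window
MIN_DISTINCT_NETS = 3   # distinct /16 prefixes those records fall into
MAX_MEDIAN_TTL = 300    # seconds

# Constructed passive-DNS observations: (epoch_seconds, qname, a_record, ttl).
# Names are under .example and addresses come from documentation ranges.
SAMPLE = [
    (1000, "login.flux.example.", "192.0.2.10", 120),
    (1120, "login.flux.example.", "198.51.100.7", 120),
    (1240, "login.flux.example.", "203.0.113.9", 60),
    (1300, "Login.Flux.Example", "192.0.2.77", 60),
    (1360, "login.flux.example.", "198.51.100.200", 180),
    (1540, "login.flux.example.", "203.0.113.45", 120),
    (1000, "www.stable.example", "192.0.2.1", 3600),
    (4600, "www.stable.example", "192.0.2.1", 3600),
] + [(2000 + i, "cdn.pool.example", f"198.51.100.{i}", 60) for i in range(1, 6)]


def profile(observations):
    """Summarise each queried name: distinct IPs, distinct /16s, median TTL."""
    ips, ttls = defaultdict(set), defaultdict(list)
    for _ts, qname, addr, ttl in observations:
        name = qname.rstrip(".").lower()   # normalise case and trailing dot
        ips[name].add(ip_address(addr))
        ttls[name].append(ttl)
    summary = {}
    for name, addrs in ips.items():
        nets = {int(a) >> 16 for a in addrs if a.version == 4}
        summary[name] = {"ips": len(addrs), "nets": len(nets),
                         "median_ttl": median(ttls[name])}
    return summary


def flag_fast_flux(observations):
    """Return names that churn through many networks with short TTLs."""
    return sorted(
        name for name, p in profile(observations).items()
        if p["ips"] >= MIN_DISTINCT_IPS
        and p["nets"] >= MIN_DISTINCT_NETS
        and p["median_ttl"] <= MAX_MEDIAN_TTL
    )


if __name__ == "__main__":
    print(flag_fast_flux(SAMPLE))
```

The `cdn.pool.example` records show why the network-diversity check matters: five addresses with a 60-second TTL inside one prefix look like ordinary load balancing and are not flagged.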

AVG chief research officer Roger Thompson said that the security company suspects the Avalanche Group is based in Eastern Europe and that it consists of members of the Rock Phish gang.

"At the heart of all these gangs there are the really smart tech guys," Thompson told ZDNet UK. "People have coding styles and techniques that make their code individual."

Zeus Trojan variants are distributed by various people around the world, such as the couple arrested in Manchester in 2009 on suspicion of criminal distribution of the malware.
