'Iranian Cyber Army' building botnet with exploit kit

Summary: The self-styled "Iranian Cyber Army" has moved beyond website defacements and is now using an exploit kit to build a massive botnet.

The self-styled "Iranian Cyber Army," the group responsible for hacking attacks against TechCrunch, Twitter and Baidu, has moved beyond website defacements and is now using an exploit kit to build a massive botnet.

According to research outfit Seculert, the group's fingerprints were found on a crime server hosting exploits against Oracle Sun's Java, Adobe PDF and various Microsoft software products.

Seculert chief technology officer Aviv Raff said the crime server is hosting a botnet of Windows machines:

...There are currently over 400,000 “confirmed loads,” i.e., machines that were successfully exploited and infected with the malware. However, while tracking these numbers our research team noticed that once in a while the counter got reset, which means that the actual number of infected machines should be much larger. We also noticed that the number of loads per hour is kept steady at around 14,000. As we were able to track the use of this exploit kit back to August 2010, we can now extrapolate the number of machines that potentially got infected by this group of cyber criminals: 14,000 x 24hrs x 60days ~= 20 million infected machines!

Talkback

30 comments
  • RE: 'Iranian Cyber Army' building botnet with exploit kit

    please don't say "Iranian Cyber Army". Instead you should say "Cyber army of regime in Iran". These two phrases are very different. As a journalist, you should care about phrases much more.
    siyamand
    • RE: 'Iranian Cyber Army' building botnet with exploit kit

      @siyamand Why? If it was the U.S. Government Cyber Army it would be called "American Cyber Army". You think anyone would raise a fuss?
      I12BPhil
      • RE: 'Iranian Cyber Army' building botnet with exploit kit

        @I12BPhil
        There is a democracy in US, right? Do you think there are the same conditions here?
        siyamand
      • RE: 'Iranian Cyber Army' building botnet with exploit kit

        @I12BPhil O crud! Does that mean I, as a voting age US citizen, am responsible for everything the US government does?
        caburlingame
  • Did I read Windows compromised systems?

    20 million infected machines = 20 000 000 infected windows systems?
    theo_durcan
    • Correct. I suspect that if they targeted Linux machines

      the number of infected would have been insignificant given Linux's minuscule installed base, hardly noticeable.
      :|
      Tim Cook
      • RE: 'Iranian Cyber Army' building botnet with exploit kit

        @Mister Spock
        Did I hear a troll whining?
        Yeah, install base is really small, >65% of the world web servers, 85% of supercomputers and >30% of the data centers.
        kirovs@...
      • RE: 'Iranian Cyber Army' building botnet with exploit kit

        @Mister Spock.....Not to worry, all the big money is safely behind Linux.

        Google doesn't allow Microsoft to be used and check out the Google sites on the top 100.

        http://toolbar.netcraft.com/stats/topsites
        Joe.Smetona
  • please don't say "Iranian Cyber Army".

    @siyamand Why? If it was the U.S. Government Cyber Army it would be called "American Cyber Army". You think anyone would raise a fuss?

    Because there is a democracy in the US. There is not on the other side.
    siyamand
    • RE: 'Iranian Cyber Army' building botnet with exploit kit

      @siyamand
      Democracy is so subjective... I personally think there's no true democracy on earth now, not even in America which is the champion of democracy.
      mungujakisa
      • RE: 'Iranian Cyber Army' building botnet with exploit kit

        @mungujakisa How about democratic Iran. How about having democracy in islamic countries?
        olcro_2000@...
  • Cyber Army indeed...

    Well, international politics hasn't captured this yet. More like cyber terrorists... a cyber army would have something to defend or fight for, while a cyber terrorist will make me want to unplug my computer from the Internet: Get the difference?
    mungujakisa
    • RE: 'Iranian Cyber Army' building botnet with exploit kit

      @mungujakisa
      Correct I believe.
      kashyap.bikram@...
  • RE: 'Iranian Cyber Army' building botnet with exploit kit

    Didn't the Iranian Cyber Army call themselves that? If it was a self-given title, I don't think we should accuse the writer of trying to offend anyone
    7mari
  • While we squabble about what to call it/them ....

    Sheesh! No wonder Texas ranks close to the bottom in the U.S. for education and the U.S. isn't much better in world rankings. How can we compete when we can't cooperate but instead spend out time on symantics?
    :-(
    kd5auq
    • RE: 'Iranian Cyber Army' building botnet with exploit kit

      "... but instead spend out time on symantics"

      Not to mention the time spends out on grammar, typnng, and speling.
      daboochmeister
  • Israel disinformation ??

    Dig into the company making the claim and judge for yourself. They seem to be a brand new company just funded:

    http://voip-routers.tmcnet.com/news/2010/10/07/5053486.htm

    The company doing the funding has Israel written all over them:

    http://www.ylventures.com/news-2.html

    "A new venture capital fund in Israel: YL Ventures. The fund was founded by the entrepreneur Yoav Leitersdorf, and it focuses on investments in start-up companies in Europe and Israel."

    And since when has any 'army' had a distinctive fingerprint? And why would Iran 'cyber army' attack Baidu? They're friends with China!
    guihombre
  • RE: 'Iranian Cyber Army' building botnet with exploit kit

    why why why not use bots for good! are people really that bored in life that they need to go around with cyber wrecking balls...
    @...
  • RE: 'Iranian Cyber Army' building botnet with exploit kit

    Would this be reported if the story were -
    "Iranian Cyber Army" launches anti-botnet botnet that disinfects zombied PCs, over 400,000 “confirmed loads,” i.e., machines that were successfully disinfected of all known malware.
    Agnostic_OS
    • RE: 'Iranian Cyber Army' building botnet with exploit kit

      @Agnostic_OS Probably ... yes. BUT! - would anyone believe it was for good considering the name?
      ItsTheBottomLine