Data-stealing 'Mumba' botnet hits 55,000 systems

Data-stealing 'Mumba' botnet hits 55,000 systems

Summary: A criminal gang has stolen over 60GB of data using a botnet that has infected around 55,000 computers around the world, according to a report.

SHARE:

A criminal gang has stolen over 60GB of data using a botnet that has infected around 55,000 computers around the world, according to a report from security company AVG.

The botnet, which AVG has dubbed 'Mumba', has compromised systems in the UK, as well as in the US, Germany and Spain, the company said in a report (PDF link) released on Monday. The stolen credentials found by AVG's researchers includes bank account numbers, credit card details and social-networking logins.

"The Mumba botnet — so called because of some funky attributes our researchers found on the server — was created by one of the most sophisticated group of cybercriminals on the internet known as the Avalanche Group," AVG said in a blog post. The cyber-gang used the botnet to host phishing sites, store collected data and spread data-stealing malware, according to the report. AVG's researchers found that the compromised computers were spreading four different variants of the Zeus data-stealing Trojan.

The Mumba botnet uses a fast-flux infrastructure to minimise the risk to the criminal of takedown by law enforcement and other agencies. Fast-flux systems hide command-and-control servers within the body of infected computers by constantly reallocating the server.

For more on this story read Data-stealing 'Mumba' botnet hits 55,000 systems on ZDNet UK.

Topics: Servers, Banking, CXO, Hardware, Security

Tom Espiner

About Tom Espiner

Tom is a technology reporter for ZDNet.com. He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

10 comments
Log in or register to join the discussion
  • Time for some slow, painful executions

    Or, they type with their fingers, don't they?
    TranMan
  • Mumba botnet (Not enough information)

    I wish organizations that release articles about botnets and the like provide details like what tcp/udp port infected machines use to communicate with the command-and-control servers. I've read dozens of articles and NONE have provided useful information like this. Wonder why?
    pguibord
    • RE: Data-stealing 'Mumba' botnet hits 55,000 systems

      @pguibord

      bord has a point, the people who actually read these articles want to know the details to better protect/monitor our environments. otherwise you are just telling us what can/will hit us and who did it but not how to stop them.
      dexter_rivera@...
    • RE: Data-stealing 'Mumba' botnet hits 55,000 systems

      @pguibord <br>@dexter_rivera@..<br><br>+1 <br><br>Telling us there is something nasty out there without providing us with any technical information that might help us to protect ourselves, is about as much use as an ashtray on a motor bike!<br><br>Best wishes, G.
      mrgoose
  • RE: Data-stealing 'Mumba' botnet hits 55,000 systems

    yup, a little really useful info, like how to neutralize mumba would be nice. is mumba from kenya?
    vger_z
  • RE: Data-stealing 'Mumba' botnet hits 55,000 systems

    That's modern "reporting" for you. Hey here's a thing to worry about, have a great day and buy this softdrink.
    biffjenkins
  • Not news anymore.

    I was surprised at the small number of replies.<br><br>Botnets are a Windows experience. <br><br>Hoepfully more people will wise up and start using Linux. <br><br>Trying out something new from MS is like visiting the Wizard of Oz.

    60GB of ASCII text only containing logins, card numbers and passwords is very, very substantial.
    Joe.Smetona
  • what to do . . .

    I'm pretty low-level in my countermeasures, but one thing I do is keep my equipment off while I'm not using it, and also keep an eye on resource consumption and processes with the utilities available from MS. So far, so good . . .
    pikeman666
    • RE: Data-stealing 'Mumba' botnet hits 55,000 systems

      @pikeman666

      What you described sounds like texting and driving a car at the same time.
      Joe.Smetona
  • RE: Data-stealing 'Mumba' botnet hits 55,000 systems

    Since the cited article said that AVG dubbed the name Mumba, I figured AVG free would detect and eliminate it. AVG free was a big download, and the download crashed. Think I'll throw the internet away and go back to the two tin cans w/string.
    ejmiller@...