The botnet takedown, known as Operation Source, was led by Europol’s European Cybercrime Centre (EC3) and the Joint Cybercrime Action Taskforce (J-CAT). Most EU member states and law enforcement partners around the world coordinated in the action. The Dutch High Tech Crime Unit led the J-CAT effort. The U.S. Federal Bureau of Investigation provided valuable support.
The process of sinkholing is an important tool to have in your arsenal when dealing with emerging threats.
The NCA and police, together with a range of partners from across industry and the public sector, are this week carrying out a range of activity to help businesses and members of the public guard against cyber crime. The NCA has developed customised intelligence reports for internet hosting companies and service providers, acting on data provided by CERT-UK (The UK’s Computer Emergency Response Team) and the Shadowserver Foundation.
As you may now be aware, the FBI and NCA are coordinating ‘global day of action’ against the Zeus-P2p and Cryptolocker families of malware. Law enforcement and industry partners will be collaborating to interrupt infrastructure vital to the malware’s operation and to raise public awareness of these threats. As part of this effort the Janet resolver service is directing domains generated by these two botnets to a sinkhole service run by one of our long term partners – Shadowserver.
WASHINGTON, D.C.—The Justice Department today announced a multi-national effort to disrupt the GameOver Zeus botnet—a global network of infected victim computers used by cyber criminals to steal millions of dollars from businesses and consumers—and unsealed criminal charges in Pittsburgh, Pennsylvania, and Omaha, Nebraska, against an administrator of the botnet. In a separate action, U.S. and foreign law enforcement officials worked together to seize computer servers central to the malicious software, or malware, known as Cryptolocker, a form of ransomware that encrypts the files on victims’ computers until they pay a ransom
Law enforcement agencies in Europe and the United States, including Europol and the FBI, ran a coordinated takedown of the GameOver Zeus botnet on Friday, seizing servers and disrupting the botnet’s operation.
Businesses could get better intelligence on the spam and phishing campaigns targeting their customers after the government communications watchdog provided spam-fighting organisation ShadowServer access to its Spam Intelligence Database.
The founder of Liberty Reserve, a digital currency that has evolved as perhaps the most popular form of payment in the cybercrime underground, was reportedly arrested in Spain this week on suspicion of money laundering. News of the law enforcement action may help explain an ongoing three-day outage at libertyreserve.com: On Friday, the domain registration records for that site and for several other digital currency exchanges began pointing to Shadowserver.org, a volunteer organization dedicated to combating global computer crime.
Microsoft has reached a settlement with the Chinese site linked to the Nitol DDoS botnet. The emerging Nitol botnet was hosted by the 3322.org domain. In order to stem the threat, Microsoft filed a suit to take control of the 70,000 malicious subdomains hosted on 3322.org, gaining control of the domain in mid September.
Virgin Media subscribers whose computers are part of a botnet can expect a letter warning them to tighten up their security, under a new initiative based on data collected by independent malware trackers. The UK’s third-largest ISP will match lists of compromised IP addresses collected by the Shadowserver Foundation, among others, to its customer records.