
Dismantling of a big Windows botnet

Europol's European Cybercrime Center, FS-ISAC (Financial Services Information Sharing and Analysis Center), Symantec, AnubisNetworks and Microsoft worked together to bring down the Ramnit botnet.

According to European police, this network of infected Windows computers counted up to 3.2 million machines worldwide in its ranks and was still very active in its final months. At the start of the year, Microsoft detected more than half a million computers infected with Ramnit.

Ramnit was discovered in April 2010 and initially spread as a computer worm. It then evolved into a botnet by acquiring several modules obtained after the 2011 release of the source code of the notorious ZeuS malware. It is a banking Trojan and, even more so, a toolbox.

Symantec paints a picture of a multifaceted Ramnit botnet that steals online banking credentials, social network passwords, web browser session cookies, files from the hard drive, FTP credentials … Nothing very pleasant.

Ramnit was configured to remain discreet, even going so far as to disable the security protections built into Windows. It generated 300 Internet domains in an attempt to contact a command-and-control server through a custom protocol on port 443. The communication was encrypted.
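A defender can look for the two behaviours described above together: a host that fails to resolve many distinct domains and also sends traffic on port 443 that does not begin with a TLS ClientHello. The sketch below is an added example, not code from the article or from any of the vendors named; the log tuples, the threshold and the assumption that the custom protocol is not TLS-framed are all constructed for illustration.

```python
from collections import defaultdict

NXDOMAIN_THRESHOLD = 20  # assumed tuning value, not taken from the article

# Constructed DNS log (not real telemetry): (client, queried name, rcode)
DNS_LOG = (
    [("10.0.0.5", f"qx{i:03d}vbnkt.example", "NXDOMAIN") for i in range(40)]
    + [("10.0.0.5", "qx040vbnkt.example", "NOERROR"),
       ("10.0.0.7", "example.org", "NOERROR"),
       ("10.0.0.7", "typo-exmaple.example", "NXDOMAIN")]
)
# Constructed flows: (client, dst port, first payload bytes sent by the client)
FLOWS = [
    ("10.0.0.5", 443, bytes.fromhex("a1b2c3d4e5f6")),          # arbitrary bytes
    ("10.0.0.7", 443, bytes.fromhex("160301020001000001fc")),  # TLS ClientHello
]

def looks_like_tls_client_hello(payload: bytes) -> bool:
    """TLS record header: type 0x16, major version 3, then handshake type 1."""
    return (len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03
            and payload[2] <= 0x04 and payload[5] == 0x01)

def failed_lookup_counts(dns_log):
    """Count distinct names per client that did not resolve."""
    names = defaultdict(set)
    for client, name, rcode in dns_log:
        if rcode == "NXDOMAIN":
            names[client].add(name.lower().rstrip("."))
    return {client: len(found) for client, found in names.items()}

def suspicious_hosts(dns_log, flows, threshold=NXDOMAIN_THRESHOLD):
    """Hosts with a burst of failed lookups AND non-TLS traffic on port 443."""
    counts = failed_lookup_counts(dns_log)
    non_tls = {client for client, port, payload in flows
               if port == 443 and not looks_like_tls_client_hello(payload)}
    return sorted(c for c in non_tls if counts.get(c, 0) >= threshold)

if __name__ == "__main__":
    print(suspicious_hosts(DNS_LOG, FLOWS))
```

In production the failed-lookup count would be computed per time window rather than over the whole log, so that ordinary typos accumulated over days do not cross the threshold.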

The publicized operation on Wednesday shut down the command-and-control servers used by the Ramnit botnet. The investigation continues with analysis of the servers. We bet that this will lead to the arrest of the cybercriminals behind Ramnit. Otherwise, there is a risk that new infrastructure to support Ramnit will be put in place.

The Ramnit threat is said to be handled by security solutions. For peace of mind, it is possible to turn to a tool like the one offered by Microsoft.