In April 2009, internet security firm Finjan announced its discovery of a network of 1.9 million malware-infected computers, which included corporate, government and consumer computers throughout the world. The firm’s Malicious Code Research Center (MCRC) became aware of the network, known as a botnet, during investigations into how ‘cybercriminals’ use computers in unison to carry out malicious activity on a mass scale.
A botnet is a network of malicious software programs which compromise the security of individual computers and operate independently or as one, under the remote command of a criminal user. The bot in the term botnet refers to the program which invades another computer, while net refers to the way in which the infected computers are unified under the control of a single server from which the operator issues instructions.
According to Finjan, the botnet is believed to have been in use since February 2009 and is controlled by a cybergang of six people via a server hosted in Ukraine. Of the two million computers infected, 77 are within government-owned domains from the US, UK and various other countries.
It is believed that the computers were compromised after visiting websites carrying malicious code. The malware subsequently installed on them was a type of Trojan horse, allowing the criminals to access sensitive data by sending remote instructions to each bot to access emails, copy files, record keystrokes and capture screenshots, all of which could be viewed by the gang.
In addition, Finjan claims that the malware facilitates the sending of spam in the innocent user’s name, compromising the reputation of their domain and potentially damaging their relationships with clients.
Yuval Ben-Itzhak, CTO of Finjan, commented: “As predicted by Finjan at the end of last year, cybercriminals keep on looking for improved methods to distribute their malware and Trojans are winning the race. The sophistication of the malware and the staggering amount of infected computers proves that cybergangs are raising the bar.”
Finjan’s findings, which have yet to be verified by the authorities concerned, nevertheless highlight the importance of maintaining up-to-date antivirus and firewall protection to detect malware and block malicious activity over the internet. In addition, regular monitoring of email and internet activity within organisations can help flag up unusual movements quickly, while the services of a computer forensic analyst can help ascertain if any unauthorised activity has taken place.
Since discovering the botnet, Finjan states that it has passed detailed information to US and UK law enforcement officials as well as informing all affected corporate and government agencies.