
FBI, DoJ take out $10 Million “Bugat” banking botnet

  • October 13, 2015
  • 7 replies

Jasper_The_Rasper
Moderator

FBI, DoJ: Andrey Ghinkul, of Moldova, was charged in a nine-count indictment

Network World | Oct 13, 2015
 
The FBI and US Department of Justice today said they disrupted the activities and arrested the administrator of the botnet known as “Bugat,”  “Cridex” or “Dridex,” which authorities said pilfered over $10 million.
 
The FBI called Bugat a sophisticated malware package designed to steal banking and other credentials from infected computers and is generally distributed through phishing. The software typically can upload files from an infected computer and download executable files to the victim's system. Collected information is sent to the criminal's system. Bugat is specifically designed to defeat antivirus and other protective measures employed by victims.
 
Full Article

7 replies

  • Community Guide
  • October 14, 2015
Hats off to the FBI for taking down this administrator of the botnet.
We need more of these arrests.

Dermot7
Gold VIP
  • October 14, 2015
  Today the FBI announced the indictment of Dridex gang members. In their announcement, they mention Fox-IT’s InTELL threat intelligence has provided them with valuable information regarding the gang. Fox-IT’s InTELL is proud to have served the community in this collaborative effort.  
 
   https://www.fox-it.com/en/press-releases/fbi-announces-dridex-gang-indictments-praises-fox/   
 
  http://blog.trendmicro.com/trendlabs-security-intelligence/us-law-enforcement-takedown-dridex-botnet/
 
  Multiple command-and-control (C&C) servers used by the DRIDEX botnet in the US have been taken down as a result of a joint effort by the Federal Bureau of Investigation (FBI) and security researchers from Trend Micro and other security vendors. Earlier, the National Crime Agency (NCA) in the UK had also taken similar steps against C&C servers used by DRIDEX. Furthermore, charges have been brought against Andrey Ghinkul, aka Andrei Ghincul and Smilex, the Moldovan administrator of the botnet.

Jasper_The_Rasper
Moderator
This is an excellent sign of what will hopefully start happening more and more.
 
14th October 2015  By Ericka Chickowski
 
Researchers believe Dridex swooped in to fill Gameover Zeus' hole in the black market, but it didn't have time to grow as big as its predecessor before being stopped.
As authorities with the FBI warned computer users yesterday to be on alert for Bugat/Dridex botnet malware, the judicial system cranked up to take a legal stand against the criminals that used the botnet to run their illegal enterprises. This included a cooperative effort by U.K. and U.S. government and private sector organizations to disrupt the botnet infrastructure, but also a nine-count indictment unsealed Tuesday by the U.S. Department of Justice against Moldovan criminal Andrey Ghinkul (aka Smilex), arrested Aug. 28 in Cyprus.
 
"Our relationships with counterparts all around the world are helping us go after both malicious hackers and their malware," said Leslie Caldwell, assistant attorney general for the DoJ's Criminal Division. "The Bugat/Dridex botnet, run by criminals in Moldova and elsewhere, harmed American citizens and entities. With our partners here and overseas, we will shut down these cross-border criminal schemes.”
 
Full Article
 

  • Community Guide
  • October 15, 2015
Good article, Jasper. It's a breath of fresh air to see how our government
and others join together to stop cyber crime. Hats off to these
organizations trying to protect the users.

Dermot7
Gold VIP
  • October 16, 2015
By Thomas Fox-Brewster   
 
It was the Friday before Labor Day 2012. The executive team of Penneco Oil, a small Pittsburgh company, were lunching at the Atria’s Restaurant and Tavern – your typical off-highway American eatery, candy-striped awning, red brick and white plaster facade, a dimly-lit, cosy interior – when hundreds of emails started flooding into the inbox of treasurer Matthew Jacobs.
Baffled by the huge influx of mail filling up his phone, Jacobs called IT. They couldn't explain how the waves of mail were getting past the filters. The spam had been craftily constructed, it seemed. When they returned to the office, the phones started ringing. All of them. For three hours. When answered there was nothing but a robotic hum. This was not how holidays were supposed to be welcomed.
 
http://www.forbes.com/sites/thomasbrewster/2015/10/16/recovering-from-evil-corp-dridex-breach/

Jasper_The_Rasper
Moderator
By Eduard Kovacs on October 19, 2015

Law enforcement authorities in the U.S. and Europe, and several private security firms have launched an operation aimed at the Dridex botnet, but the threat still appears to be active.

Dridex, a successor of the Cridex Trojan, is said to have caused losses totaling $40 million in the United States and the United Kingdom after helping cybercriminals steal personal and financial information from users.

Dell SecureWorks, one of the security firms involved in the takedown operation, reported last week that each Dridex sub-botnet's peer-to-peer (P2P) network was poisoned and infected systems were redirected to a sinkhole. Additionally, the FBI announced the arrest of a Dridex botnet administrator, 30-year-old Moldovan national Andrey Ghinkul, and charges brought against several other suspects.

Full Article

  • Community Guide
  • October 19, 2015
Good article, and it's good to see law enforcement taking action and
arresting these criminals.