silversurfer
Slovak cyber-security firm ESET announced today that it took down a malware botnet that infected more than 35,000 computers.
According to an ESET press release published today, the botnet has been active since May 2019, and most of its victims were located in Latin America, with Peru accounting for more than 90% of the total victim count.
ESET named the botnet VictoryGate and said its primary purpose was to infect victims with malware that mined the Monero cryptocurrency without their knowledge.
According to ESET researcher Alan Warburton, who investigated the VictoryGate operation, the botnet was controlled using a server hidden behind the No-IP dynamic DNS service. Warburton says ESET reported and took down the botnet's command and control (C&C) server and set up a fake one (called a sinkhole) to monitor and control the infected hosts.
The company is now working with members of the Shadowserver Foundation to notify and disinfect all computers that connect to the sinkhole. Based on sinkhole data, between 2,000 and 3,500 computers are still checking in daily for new commands at what they take to be the malware's C&C server.