
Security firm issues warning against Mevade botnet


A new cyber-criminal botnet campaign believed to originate in Russia and Ukraine is now targeting businesses and government in the United States, United Kingdom and India, a security firm warned.
 
Security firm Websense said the botnet, dubbed Mevade, can hijack search results, redirect network traffic and engage in click fraud.
 
"Websense research performed on third-party feeds indicates that this campaign has infected hundreds of organizations and thousands of computers world-wide and appears to be used for a variety of purposes, including redirecting network traffic and click fraud, as well as search result (hi)jacking. However, the extensible Mevade malware provides a very capable mechanism for data theft through reverse proxying capabilities," it said. 
 
It said the campaign started July 23, targeting business services, government, manufacturing and transportation.
 
Links with the malware were associated with Tor, which Websense said may have provided anonymity for the cybercriminals.
 
"The heavy use of attack infrastructure (C2 servers) located in Ukraine and Russia and Mevade malware links this group to a potentially well-financed cyber-crime gang operating out of Kharkov, Ukraine and Russia," it added.
 
But a separate report on "PC World" said the new campaign is "more improvised than advanced" and is "certainly not in the league of Chinese APTs let alone U.S./Israeli Stuxnet, Duqu, Flame, Gauss cyber-weapons."
 
"If anything it looks more like a business move by a professional cybercrime group to dredge up some useful documents to hawk to the highest bidder," it said. – KDM, GMA News 