This Week in Cybercrime: Grum Botnet Taken Down, Pinterest Hacked, Madi Trojan Discovered

Zombie computers, mysterious break-ins, and a suspected cyberweapon

According to one article, computer-security experts temporarily took down Grum, the world's third-largest botnet, on 17 July. They disabled command-and-control servers in Panama and the Netherlands that had been directing 18 billion spam e-mail messages a day, roughly 18 percent of the world total. A New York Times article reports that by the end of the same day the botnet's operators had brought up replacement command-and-control servers in Russia and Ukraine; U.S.- and U.K.-based security firms gave chase and traced the new servers to local ISPs. The Russian ISP cooperated in shutting them down. Atif Mushtaq, a computer security specialist at FireEye, one of the security firms that helped to shut down the botnet, told the Times that, "Because of how the malware was written for Grum, when the master server is dead, the infected machines can no longer send spam or communicate with a new server."

On 16 July, Pinterest posted the latest in a series of notices related to security breaches on the site, says a TechCrunch post. The "Locked Account Survey" it issued that day asked the site's users to complete a survey to "assist our investigation" into how its security was breached. The 11-question survey, says TechCrunch, asked about things such as whether users had experienced other account compromises, how they use Pinterest, and which browser they used, questions that indicate Pinterest is still unsure of the source of the break-ins and of the method by which they are being carried out. In the meantime, the content-sharing service has been locking user accounts. A 10 July notice read:

“If changing your password does not solve the issue, change your password again and immediately deactivate your account. Please return to this support article in 1-2 weeks for additional instructions; we are working on a process that will enable users to reset their accounts. Unfortunately, we are unable to restore any deleted boards or pins.”

Pinterest is assuring users that all their content is "safe and sound," but it remains uncertain whether some users whose accounts were hijacked will have anything to show for the countless hours spent adding items to their pages, since the 10 July notice concedes that deleted boards and pins cannot be restored.

Just weeks after unnamed U.S. government sources acknowledged that the United States and Israel were behind the Stuxnet worm, which was designed to sabotage Iran's uranium-enrichment program, computer security experts are reporting the discovery of a data-stealing Trojan that has infected about 800 computers, mostly in Iran and Israel, over the last eight months. CNET reports that the Madi Trojan, capable of recording keystrokes, screenshots, and audio, and of stealing text and image files, was given that name because of references in the code to the Mahdi, the messianic figure of Islamic tradition. The malicious code, whose communications with its command-and-control server included strings in Farsi and dates in the Persian calendar format, was delivered in attachments to phishing e-mails: PowerPoint documents, fake Word documents, and fake images that actually carried the executable.

Symantec reports that the victims, organizations that by now should have a heightened awareness of the need to maintain security, included critical-infrastructure companies, government embassies, and financial-services firms in Iran, Israel, Afghanistan, the United Arab Emirates, and Saudi Arabia, as well as in the United States and New Zealand.

Though some accusations have been leveled at Iran's government because security firms have observed the Madi Trojan communicating with command-and-control servers hosted there, experts including those at Symantec say there is no smoking gun positively identifying Madi as state-sponsored malware. Where a command-and-control server is hosted is, on its own, weak evidence of who operates it.
