Tackling the Sefnit botnet Tor hazard

JMH

Sefnit, a prevailing malware known for using infected computers for click fraud and bitcoin mining, has left millions of machines potentially vulnerable to future attacks. We recently blogged about Sefnit performing click fraud and how we added detection on the upstream Sefnit installer. In this blog we explain how the Tor client service, added by Sefnit, is posing a risk to millions of machines, and how we are working to address the problem.

Win32/Sefnit made headlines last August as it took the Tor Network by storm. Tor is an open source project for online anonymity and is commonly used to browse the Internet anonymously. Around August 19, 2013, millions of infected computers running Win32/Sefnit installers are believed to have been woken up and given instructions en masse to download and install a Sefnit component using the Tor Network for C&C communication. Based on the Tor Network’s connecting-user estimates, evidence suggests this resulted in more than four million Sefnit-installed Tor client services pushed in just over two weeks, as shown in Figure 1.
Source: Tackling the Sefnit botnet Tor hazard - Microsoft Malware Protection Center - TechNet Blogs