SoylentNews is people

posted by janrinok on Thursday February 26 2015, @03:56PM
from the stomp-stomp-stomp dept.

European law enforcement agencies seized command-and-control servers used by Ramnit, a malware program that steals online banking credentials, FTP passwords, session cookies and personal files from victims.

Ramnit started out in 2010 as a computer worm capable of infecting EXE, DLL, HTM, and HTML files. However, over time it evolved into an information-stealing Trojan that’s distributed in a variety of ways.

Ramnit is capable of hijacking online banking sessions, stealing session cookies which can then be used to access accounts on various sites, copying sensitive files from hard drives, giving attackers remote access to infected computers and more.

Researchers from antivirus vendor Symantec described the malware program as “a fully-featured cybercrime tool” in a blog post Wednesday ( http://www.symantec.com/connect/blogs/ramnit-cybercrime-group-hit-major-law-enforcement-operation ) and said that it infected over 3.2 million computers over its five years of existence.

http://www.pcworld.com/article/2889092/europol-and-security-vendors-disrupt-massive-ramnit-botnet.html

  • (Score: -1, Offtopic) by Anonymous Coward on Thursday February 26 2015, @05:45PM

    by Anonymous Coward on Thursday February 26 2015, @05:45PM (#150012)

    first post.

    I would have posted sooner but someone took my connection down.

  • (Score: 2, Interesting) by arulatas on Thursday February 26 2015, @06:09PM

    by arulatas (3600) on Thursday February 26 2015, @06:09PM (#150022)

    When are they going to take a bite out of this crime duo?

    "Ramnit is capable of hijacking online banking sessions, stealing session cookies which can then be used to access accounts on various sites, copying sensitive files from hard drives, giving attackers remote access to infected computers and more."

    Sounds like something familiar.

    --
    ----- 10 turns around
    • (Score: 3, Interesting) by davester666 on Thursday February 26 2015, @07:53PM

      by davester666 (155) on Thursday February 26 2015, @07:53PM (#150062)

      What do you mean? This action was just to get rid of some of the competition. Europol and the NSA want exclusive control of your devices, and really don't want to share with others outside their group.

    • (Score: 0) by Anonymous Coward on Friday February 27 2015, @03:44PM

      by Anonymous Coward on Friday February 27 2015, @03:44PM (#150483)

      Citizen, your comment is out of line with the approved thought-framework.
      Get back in line or be prepared to have Justice served to you by agents of the Ministry of Genuine Happiness. You are to report to the cultural re-education center at 1500h today. Your attendance is mandatory.

  • (Score: 2) by francois.barbier on Thursday February 26 2015, @08:45PM

    by francois.barbier (651) on Thursday February 26 2015, @08:45PM (#150086)

    ... infecting EXE, DLL, HTM, and HTML files.

    How do you infect an HTML file? You write "Your mom" between every <big> tag?
    I've tried a few searches but every site just states that it infects HTML files, nothing more.
    Anybody know how?

    • (Score: 0) by Anonymous Coward on Thursday February 26 2015, @10:42PM

      by Anonymous Coward on Thursday February 26 2015, @10:42PM (#150174)

      ((char)60)script type="text/javascript">nasty_shit((char)60)/script>?

      speaking of which how do I escape LEFT_ANGLE_BRACKET?

      • (Score: 2) by francois.barbier on Friday February 27 2015, @12:21AM

        by francois.barbier (651) on Friday February 27 2015, @12:21AM (#150222)

        Right, but that's HTML injection. More precisely JavaScript injection. Not infection.
        This still needs a bad browser (educated guess: IE? ActiveX?) to load it. And the browser to allow the download, then execution, and so on.
        An infected EXE just runs and infects everything else. Firmware included.
        I know I'm being pedantic but an HTML infection would really have impressed me.
        This? Meh. Banal MS virus.
        By the way, use HTML entities: "&lt;tag&gt;" => "<tag>"