Published in News

Cisco nets fishy botnet

by on07 October 2015


Angler fished out of the system


Researchers at Cisco have stopped the spread of a massive international exploit kit which is commonly used in ransomware attacks.

The Talos security team, at Cisco,  were monitoring the Angler Exploit Kit, which is "currently one of the most effective tools for nicking personal information", in case you are interested.

The team found that half of the computers infected with Angler were connecting with servers based at a Dallas facility, owned by provider Limestone Networks. The servers had been hired by cybercriminals using stolen payment details. Once informed, Limestone cut the servers from its network and handed over the data to the researchers.

Cisco recovered the authentication protocols behind the software and told its mates in the security companies how to disable connections to infected devices.

Talos manager Craig Williams suggested that the research and consequent action will be "really damaging" to the attackers' network, adding that since Limestone cut the criminal servers, the rate of Angler infections had had fallen dramatically.

Sold online across black market platforms, exploit kits such as Angler are available to purchase as small packages which hunt out vulnerabilities in web applications and other popular software programmes. Once they gain control of a target computer, criminals can install malicious code, including ransomware attacks capable of stealing personal data and demanding payment for its return.

According to Talos, had three per cent of Angler infected users paid a ransom of around $300 and those involved in the Limestone server crimes could have made a cool $34 million.

Last modified on 07 October 2015
Rate this item
(4 votes)

Read more about: