San Jose (CA) – The world’s largest-ever malware network has been uncovered, affecting 1.9 million corporate, government and consumer computers.
Finjan Inc’s Malicious Code Research Center (MCRC) uncovered the network as part of research into command and control servers operated by cybercriminals.
“It is the biggest ever – 600,000 was the largest last year,” a spokesman for Finjan told TG Daily. He declined to name the organisations affected, but said “I think you can assume that most large corporations and most western governments are affected.”
The command and control server has been operating since February 2009. It was hosted in Ukraine and run by six people, who built a large affiliate network across the web to distribute and operate their malware. They compromised computers in 77 government-owned domains in the US, the UK and other countries. The US is by far the worst-affected country, accounting for 45 percent of infected machines, followed by the UK with six percent and Canada and Germany with four percent each.
The malware is remotely controlled by the cybercriminals, enabling them to execute almost any command on the end-user computer. “Some will be hired out for hackers to use, or to spammers, and they will have sucked information out to sell,” said the spokesman.
Since the discovery, Finjan has provided US and UK law enforcement agencies with information about the server. The company has also notified the affected corporations and government agencies.
“The command and control server has been taken down, but the problem is that they could set up another very quickly,” said the spokesman. “It’s like a hydra – as soon as you cut off one head, another appears.”
“As predicted by Finjan at the end of last year, cybercriminals keep on looking for improved methods to distribute their malware and Trojans are winning the race. The sophistication of the malware and the staggering amount of infected computers proves that cybergangs are raising the bar,” said Yuval Ben-Itzhak, CTO of Finjan. “As big money drives today’s cybercrime activities, organizations and corporations need to protect their valuable data to prevent theft by these kinds of sophisticated cyberattacks.”
Finjan said that the malware was installed on computers when their users visited compromised websites that served malicious code. The information MCRC found on the command and control server includes the public IP addresses of the infected computers and, for machines inside corporate and government networks, their internal hostnames.
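An organisation that receives a victim list of this shape (public IP plus internal hostname) has to decide quickly which entries are its own machines. The following is an added example, not code from the article or from Finjan: it triages constructed records against an assumed set of corporate egress ranges and an assumed internal DNS suffix. The addresses are RFC 5737 documentation ranges and every hostname is invented. The point it illustrates is that the public IP alone is often a shared NAT address, so the internal hostname is what turns a record into an actionable incident, and a hostname carrying the corporate suffix from an outside address is a likely roaming laptop rather than a false match.

```python
import ipaddress

# Constructed sample of victim records as the article describes them:
# the bot's public IP and the infected machine's internal hostname.
CC_VICTIM_RECORDS = [
    {"ip": "203.0.113.17", "hostname": "WKS-FIN-0412.corp.example.com"},
    {"ip": "203.0.113.18", "hostname": "WKS-HR-0077.corp.example.com"},
    {"ip": "198.51.100.9", "hostname": "LAPTOP-JSMITH"},
    {"ip": "192.0.2.44", "hostname": "DESKTOP-7Q2"},
    {"ip": "203.0.113.200", "hostname": "PRINTSRV01.corp.example.com"},
    {"ip": "198.51.100.77", "hostname": "LT-SALES-0033.corp.example.com"},
]

# Assumed for this example: the organisation's own egress (NAT) ranges
# and the DNS suffix its domain-joined machines carry.
OUR_EGRESS_RANGES = [ipaddress.ip_network("203.0.113.0/24")]
OUR_DNS_SUFFIXES = ("corp.example.com",)


def classify(record, ranges=OUR_EGRESS_RANGES, suffixes=OUR_DNS_SUFFIXES):
    """Classify one victim record against our ranges and DNS suffixes.

    'on-network': the bot checked in from one of our egress addresses;
                  the hostname identifies which internal machine it was.
    'roaming'   : hostname carries our DNS suffix but the IP is elsewhere,
                  e.g. a domain-joined laptop on a home or hotel connection.
    'not-ours'  : neither matches; the record belongs to someone else.
    """
    ip = ipaddress.ip_address(record["ip"])
    ip_hit = any(ip in net for net in ranges)
    host = record["hostname"].lower().rstrip(".")
    host_hit = any(host.endswith("." + s.lower()) for s in suffixes)
    if ip_hit:
        return "on-network"
    if host_hit:
        return "roaming"
    return "not-ours"


def triage(records, ranges=OUR_EGRESS_RANGES, suffixes=OUR_DNS_SUFFIXES):
    """Group hostnames by classification so responders can work the list."""
    groups = {"on-network": [], "roaming": [], "not-ours": []}
    for rec in records:
        groups[classify(rec, ranges, suffixes)].append(rec["hostname"])
    return groups


if __name__ == "__main__":
    for label, hosts in triage(CC_VICTIM_RECORDS).items():
        print(f"{label}: {hosts}")
```

The egress ranges and DNS suffix are the only site-specific inputs; a responder would replace them with the organisation's real NAT pools and Active Directory domain names before running this over the actual list.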