Get a free application, infrastructure and malware scan report - Scan Your Website Now

Subscribe to our Newsletter
Try AppTrana WAAP (WAF)
Managed WAF Start at $99

Massive Botnet Attack: 800 Thousand Bank Transactions Sniffed

Posted DateOctober 9, 2014
Posted Time 2   min Read

A new botnet has been detected. A US-based security research firm Proofpoint has come up with a detailed analysis of a botnet that has infected around 500 thousand computers and credentials for around 800 thousand bank transactions have been sniffed. 75% of the infections have happened in the US.

A full analysis reveals the modus operandi of the attackers. Using vulnerable WordPress sites or by using stolen admin credentials for WordPress sites bought from the underground hacking market, these sites were first infected. Later, computers of visitors to these sites were infected by downloading malware by using either browser, flash, or pdf vulnerabilities. In some cases, legitimate newsletters sent by the WordPress websites have been used by sending emails to users and having infections inside these newsletters.

Care has been taken so that anti-virus software on the victim’s computers doesn’t detect this malware. A traffic distribution system (TDS) has been used to identify only those visitor computers which might be vulnerable by using various attributes of the HTTP client data such as browser version, operating system, etc when the browser access the WordPress site.  This helps hackers avoid browsers/computers of security researchers or bots.  Once the visitor computers were infected by installing a basic malware dropper, more and varying kinds of malware are deployed on them. Then, these computers are used to steal banking credentials via a sniffer when they access a banking site. Other monetization techniques such as using these computers for an encrypted tunnel and offering such tunnels to others in the underground hacking market for use for other hacking activities are also done.

The scale of the operation is huge. Many US banks’ users’ credential has been sniffed/stolen. There are 2 million unique IPs that have been found to be used by this botnet, the total number of computers affected is 500 thousand. About 52% of computers infected were running Windows XP, and a large number of infections have been via Internet Explorer.

The botnet and the details of the operation should raise alarms and should make us realize the importance of securing our websites/computers. While India doesn’t seem to be a target of this botnet,  the above kind of botnet can be replicated in India.

To begin with, not many who host WordPress websites ensure that all vulnerabilities are patched, and updates are done regularly. WordPress-hosted sites thus become one of the soft targets for website attacks/infection by hackers. A WAF can help here; a scanner that targets WordPress-based sites can also help.

As to ensuring that your computer does not get infected, there is an urgent need to move away from Windows XP ( if not done already), support for which is discontinued by Microsoft.  There is a need to constantly update software such as pdf readers, Flash. Browsers have to be also updated.

For banks, two-factor authentication is a must. This way at least even if banking credentials are stolen, damage cannot be done. For other e-commerce sites too, two-factor authentication is the only solution.

Stay tuned for more relevant and interesting security updates. Follow Indusface on FacebookTwitter, and LinkedIn

web application security banner

Spread the love

Join 47000+ Security Leaders

Get weekly tips on blocking ransomware, DDoS and bot attacks and Zero-day threats.

We're committed to your privacy. indusface uses the information you provide to us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.

Related Posts

Sophisticated bot attacks
Bad Bots Level Up – How to Protect Your Website from Costly Hacks?

Traditional solutions are failing to secure your business from bot attacks. It is time for the right approach: Anti-bot Protection.

Spread the love

Read More
Enhanced Bot Protection
Enhanced Bot Protection with AppTrana

Get comprehensive bot protection for your web applications with AppTrana. Stay ahead of threats and ensure top-notch cybersecurity.

Spread the love

Read More
Credential Stuffing Prevention
5 Tips for Credential Stuffing Prevention

Credential stuffing attacks are prevalent bot-based threats today but preventable with the right measures and security controls. Read More.

Spread the love

Read More


Fully Managed SaaS-Based Web Application Security Solution

Get free access to Integrated Application Scanner, Web Application Firewall, DDoS & Bot Mitigation, and CDN for 14 days

Know More Take Free Trial


Indusface is the only cloud WAAP (WAF) vendor with 100% Customer Recommendation for 3 consecutive years.

A Customers’ Choice for 2022 and 2023 - Gartner® Peer Insights™

The reviews and ratings are in!