Researchers at security firm Finjan have uncovered a massive botnet of Windows machines. The botnet is 1.9 million machines strong, with many of the machines located in the United States: 45% of them are located in the US. The researchers detailed their findings at the RSA Conference in San Fransisco.
The botnet in question is one of the largest ever found that is controlled by a single gang of cybercriminals. Apparently, the command and control server of the botnet are located in the Ukraine. The researchers claim that during their work, the number of infected computers increased by the hour.
The botnet is actually quite user friendly, as it has a nice backend management application through which the cybercriminals can control the machines in the botnet. From this backend, the criminals can instruct machines to download additional malware, which in turn are used to read local data from the machines. “When inspecting these files, we identified that they can perform the following actions: read email address and other details from the infected computer; communicate with other computers using HTTP protocol; execute a process; inject code into other processes; visit websites without end-users’ consent; register as a background service on the infected computer and a few dozen other commands,” the researchers write. They conclude that the criminals can basically do whatever the heck they want with and on the infected machines.
Finjan has shared the information about the botnet with the authorities.