When Europol helped coordinate the April takedown of the Beebone botnet, information security expert Raj Samani – who assisted with the takedown – says everyone involved in the operation estimated that the polymorphic botnet was composed of about 12,000 infected systems, and that the majority were based in the United States.
“But actually, what we realized was the number of infected hosts were way higher. In fact, we’re seeing in our sinkhole somewhere between 30,000 to 40,000 unique infections per day. So, it’s way bigger than we initially thought, but the remediation is the painful part now,” says Samani, who is the Europe, Middle East and Africa chief technology officer for Intel Security – formerly known as McAfee. To date, there’s been about a 10 percent reduction in the number of infected hosts, from 37,000 to 33,000. But based on updated attack telemetry, researchers also found that the majority of infected botnet nodes are located in Iran, followed by Peru, neither of which is typically a hotbed of cybercrime or botnet infections.
View full story
View full story
