Hundreds of global organizations have been infected by a Russian botnet as part of a cybercrime campaign that could be connected to the mysterious traffic spike that hit the Tor anonymity system in August, security firm Websense has suggested.
Using the Mevade botnet as its distribution mechanism, the campaign began on July 23, successfully targeting a sizable number of organizations in sectors including (in order of infection rates) business services, manufacturing, government, transportation, healthcare, and communications, the firm said.
The largest number of infections was recorded in the U.S., with smaller concentrations around Europe and South America. The absence of infections in Russia was unlikely to be a coincidence; indeed, "the heavy use of attack infrastructure located in Ukraine and Russia and Mevade malware links this group to a potentially well-financed cybercrime gang operating out of Kharkov, Ukraine and Russia," said Websense's research note.
Linked to Tor
The use of Mevade is telling. This botnet has already been forensically connected by several firms to the widely reported and dramatic traffic spike that flooded the Tor system from August 19 onward.