Monday, Oct 03, 2022

Europol busts banking botnet group; India worst affected by Ramnit

The Ramnit malware infects Windows OSes and steals bank usernames, passwords and mostly spreads through USB drives.

Symantec, cyber crime, rmnit botnet, Europol The Ramnit malware infects Windows OSes and steals bank usernames, passwords and mostly spreads through USB drives.

Europol’s European Cybercrime Centre (EC3) coordinated a joint international operation from its operational centre in The Hague to seize servers and infrastructure from the cybercrime group behind the Ramnit botnet. Ramnit botnet has infected 3.2 million computers all around the world. The operation involved investigators from Germany, Italy, the Netherlands, and the United Kingdom – who led the operation – along with partners from private industry like Symantec, Microsoft and Anubis Networks.

The Ramnit malware steals bank usernames and passwords and mostly spreads through USB drives. It infects users running Windows operating systems, explored different infection vectors such as links contained in spam emails or by visiting infected websites. Symantec provided technical analysis and telemetry as part of the investigation.

During its five years of operation, the Ramnit botnet (detected by Symantec as W32.Ramnit.B) has evolved into a major criminal enterprise, infecting more than 3.2 million computers and harvesting banking credentials, passwords, cookies, and personal files from victims. Ramnit has affected victims across the world and infections have been found in most countries. However, the worst affected countries in recent times have been India with 27 percent; Indonesia with 18 percent, Vietnam with 12 percent and Bangladesh with 9 percent.

“This botnet provides attackers with multiple ways to defraud a victim once their computer is compromised. It is capable of monitoring their web browsing sessions and stealing banking credentials. It can steal website cookies allowing attackers to impersonate the victim, take files from the victim’s hard disk, and grant the attackers remote access to the computer, allowing them to ex-filtrate stolen information or download additional malware,” according to a EC3 statement.

Subscriber Only Stories
Re-Defining The Tradition In Folk Art: An Art Educator’s PerspectivePremium
Symbiosis School of Sports Sciences (SSSS) launches undergraduate program...Premium
MIT World Peace University launches Five-Year Integrated B.Tech with MBA ...Premium
Bring Home The Ultimate Solution For The Whole Family With Airtel Xstream...Premium

While the amount of infected computers has decreased over time, the Ramnit botnet is still very active. For example, Symantec blocked a daily average of around 6,700 new infections in November 2014. This was down from a daily average of 8,000 in May 2014.
Symantec has also released a tool that will check for a Ramnit infection and allow users to remove it from a compromised computer.

First published on: 25-02-2015 at 10:04:47 pm
Next Story

Shiv Sena wants greater role in policy making at centre

Latest Comment
Post Comment
Read Comments