Harnig botnet returns

By Stuart Sumner
12 Aug 2011

The Harnig botnet, which downloads and disseminates malware to computers over the internet, has reappeared after a six-month absence.

In March, Microsoft, working with law enforcement agencies including the FBI, took down the Rustock botnet by seizing its servers and issuing software to clean up malware from infected customers' computers.

This also meant the Harnig botnet, principally used to infect machines with the Rustock malware, was largely put out of action.

However, researchers at threat analysis firm FireEye say Harnig has returned.

"After months of silence, Harnig is finally back in business, resuming all of its usual malicious activities," wrote FireEye researcher Atif Mushtaq.

Botnet operators are using new command-and-control (CnC) servers to manage their operations, as many of the previous servers would have been seized in the Rustock takedown.

And aware that law enforcement agencies are now more experienced in targeting and removing CnC servers, the cyber criminals have taken steps to protect their network.

"Harnig is changing its CnCs with lightning speed," wrote Mushtaq. "During the last week or so I have observed 26 CnCs in use by different variants of the Harnig botnet and most of these CnCs popped up during the last few days."

To protect their networks from malware from Harnig and other botnets, organisations should follow a common-sense approach, said Raj Samani, chief technology officer in EMEA for security firm McAfee.

"Follow common sense, have appropriate security, and adhere to continuous processes of protecting yourself. Identify and plan for your risks, and check that your controls work."

Graham Cluley, senior technology consultant at security firm Sophos, explained that technology and education play a part in protecting the business.

"Keep your software patching and anti-virus up to date. And educate your staff regarding the form threats are likely to take – this could be unsolicited emails, dodgy attachments and weblinks."
