5 September 2017

"English" Virus Lances Botnets

In April, we reported on the recently-spotted “English” virus, a computer bug that appears to have escaped from somewhere in the US Northwest. We quoted a representative from the Department of Homeland Security as saying, “From all our analysis and the analysis of independent security groups, we’re guessing that the English Trojan is aiming at building a botnet of unparalleled size.”

Turns out he was wrong. Both Symantec and McAfee have released reports within the last two weeks that seem to show a correlation between the spread of the virus and the drastic drop in the size of international botnets. Even the two largest active botnets, Conficker and SuperHi, have suffered devastating losses. 

Marko Numminen of Avira Operations, the group that produces the free anti-virus software of the same name, said, “[English] appears to be downloading an anti-virus payload—it’s not any of the commercially available products out there, so we’re guessing the virus writer created his or her own anti-viral product and is using that to clean machines that would otherwise be under control of a botnet master.”

Officials from Symantec have warned that while English (also known as FastEnglish, UK_EN, and White Knight) has been damaging botnets around the world, the extent of its payload is unknown. “It may just be clearing the field for an even bigger botnet later down the road,” said Stacia Wilkie, a member of Symantec’s New Trojan Working Group. “If you suspect you’ve been infected by English, we recommend downloading any one of the free removal tools available from us or any other respectable computer security organization.” Dispatches has a list of removal tools here.

Numminen further indicated that English doesn’t spell the end of botnets forever—botnet masters will certainly fight back against the bloc of English-protected computers, which he calls the “notnet”. It’s unclear whether the anti-virus behind the notnet will be able to keep pace with the most virulent computer infections of our time, but one thing is for sure: With hundreds of millions of virus-infected computers on networks around the world, the stakes could not be higher.
