<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>botnets &#8211; Noise</title>
	<atom:link href="https://noise.getoto.net/tag/botnets/feed/" rel="self" type="application/rss+xml" />
	<link>https://noise.getoto.net</link>
	<description>The collective thoughts of the interwebz</description>
	<lastBuildDate>Tue, 22 Jul 2025 16:17:31 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=6.8.2</generator>
	<item>
		<title>Google Sues the Badbox Botnet Operators</title>
		<link>https://noise.getoto.net/2025/07/23/google-sues-the-badbox-botnet-operators/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Wed, 23 Jul 2025 11:04:53 +0000</pubDate>
				<category><![CDATA[backdoors]]></category>
		<category><![CDATA[botnets]]></category>
		<category><![CDATA[courts]]></category>
		<category><![CDATA[google]]></category>
		<category><![CDATA[Malware]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=70499</guid>

					<description><![CDATA[<p>It will be interesting to watch what will come of this <a href="https://www.securityweek.com/google-sues-operators-of-10-million-device-badbox-2-0-botnet/">private lawsuit</a>:</p>
<blockquote><p>Google on Thursday announced filing a lawsuit against the operators of the Badbox 2.0 botnet, which has ensnared more than 10 million devices running Android open source software.</p>
<p>These devices lack Google’s security protections, and the perpetrators pre-installed the Badbox 2.0 malware on them, to create a backdoor and abuse them for large-scale fraud and other illicit schemes.</p></blockquote>
<p>This reminds me of Meta’s lawauit against Pegasus over its hack-for-hire software (which I wrote about ...</p>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>AI Data Poisoning</title>
		<link>https://noise.getoto.net/2025/03/26/ai-data-poisoning/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Wed, 26 Mar 2025 11:07:13 +0000</pubDate>
				<category><![CDATA[AI]]></category>
		<category><![CDATA[botnets]]></category>
		<category><![CDATA[spoofing]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=70048</guid>

					<description><![CDATA[<p>Cloudflare has a <a href="https://arstechnica.com/ai/2025/03/cloudflare-turns-ai-against-itself-with-endless-maze-of-irrelevant-facts/">new feature</a>—available to free users as well—that uses AI to generate random pages to feed to AI web crawlers:</p>
<blockquote><p>Instead of simply blocking bots, Cloudflare’s new system lures them into a “maze” of realistic-looking but irrelevant pages, wasting the crawler’s computing resources. The approach is a notable shift from the standard block-and-defend strategy used by most website protection services. Cloudflare says blocking bots sometimes backfires because it alerts the crawler’s operators that they’ve been detected.</p>
<p>“When we detect unauthorized crawling, rather than blocking the request, we will link to a series of AI-generated pages that are convincing enough to entice a crawler to traverse them,” writes Cloudflare. “But while real looking, this content is not actually the content of the site we are protecting, so the crawler wastes time and resources.”...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>TP-Link Router Botnet</title>
		<link>https://noise.getoto.net/2025/03/14/tp-link-router-botnet/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Fri, 14 Mar 2025 11:02:58 +0000</pubDate>
				<category><![CDATA[botnets]]></category>
		<category><![CDATA[Malware]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=69997</guid>

					<description><![CDATA[<p>There is a new botnet that is <a href="https://www.tomsguide.com/computing/malware-adware/thousands-of-tp-link-routers-have-been-infected-by-a-botnet-to-spread-malware">infecting</a> TP-Link routers:</p>
<blockquote><p>The botnet can lead to command injection which then makes remote code execution (RCE) possible so that the malware can spread itself across the internet automatically. This high severity security flaw (tracked as <a href="https://nvd.nist.gov/vuln/detail/cve-2023-1389">CVE-2023-1389</a>) has also been used to spread other malware families as far back as April 2023 when it was used in the <a href="https://www.tomsguide.com/news/android-adb-matryosh-botnet">Mirai botnet</a> malware attacks. The flaw also linked to the Condi and AndroxGh0st malware attacks.</p>
<p>[…]</p>
<p>Of the thousands of infected devices, the majority of them are concentrated in Brazil, Poland, the United Kingdom, Bulgaria and Turkey; with the botnet targeting manufacturing, medical/healthcare, services and technology organizations in the United States, Australia, China and Mexico...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>IoT Devices in Password-Spraying Botnet</title>
		<link>https://noise.getoto.net/2024/11/06/iot-devices-in-password-spraying-botnet/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Wed, 06 Nov 2024 12:02:18 +0000</pubDate>
				<category><![CDATA[botnets]]></category>
		<category><![CDATA[china]]></category>
		<category><![CDATA[Internet of Things]]></category>
		<category><![CDATA[passwords]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=69556</guid>

					<description><![CDATA[<p>Microsoft is <a href="https://arstechnica.com/information-technology/2024/11/microsoft-warns-of-8000-strong-botnet-used-in-password-spraying-attacks/">warning</a> Azure cloud users that a Chinese controlled botnet is engaging in “highly evasive” password spraying. Not sure about the “highly evasive” part; the techniques seem basically what you get in a distributed password-guessing attack:</p>
<blockquote><p>“Any threat actor using the CovertNetwork-1658 infrastructure could conduct password spraying campaigns at a larger scale and greatly increase the likelihood of successful credential compromise and initial access to multiple organizations in a short amount of time,” Microsoft officials wrote. “This scale, combined with quick operational turnover of compromised credentials between CovertNetwork-1658 and Chinese threat actors, allows for the potential of account compromises across multiple sectors and geographic regions.”...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>FBI Shuts Down Chinese Botnet</title>
		<link>https://noise.getoto.net/2024/09/19/fbi-shuts-down-chinese-botnet/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Thu, 19 Sep 2024 15:40:17 +0000</pubDate>
				<category><![CDATA[botnets]]></category>
		<category><![CDATA[china]]></category>
		<category><![CDATA[hacking]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=69396</guid>

					<description><![CDATA[<p>The FBI has <a href="https://gizmodo.com/fbi-shuts-down-botnet-run-by-beijing-backed-hackers-that-hijacked-over-200000-devices-2000500627">shut down</a> a botnet run by Chinese hackers:</p>
<blockquote><p>The botnet malware infected a number of different types of internet-connected devices around the world, including home routers, cameras, digital video recorders, and NAS drives. Those devices were used to help infiltrate sensitive networks related to universities, government agencies, telecommunications providers, and media organizations…. The botnet was launched in mid-2021, according to the FBI, and infected roughly 260,000 devices as of June 2024.</p>
<p>The operation to dismantle the botnet was coordinated by the FBI, the NSA, and the Cyber National Mission Force (CNMF), according to a press release dated ...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>The Justice Department Took Down the 911 S5 Botnet</title>
		<link>https://noise.getoto.net/2024/06/07/the-justice-department-took-down-the-911-s5-botnet/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Fri, 07 Jun 2024 11:04:46 +0000</pubDate>
				<category><![CDATA[botnets]]></category>
		<category><![CDATA[courts]]></category>
		<category><![CDATA[COVID-19]]></category>
		<category><![CDATA[crime]]></category>
		<category><![CDATA[cybercrime]]></category>
		<category><![CDATA[Malware]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=69002</guid>

					<description><![CDATA[<p>The US Justice Department has <a href="https://www.justice.gov/opa/pr/911-s5-botnet-dismantled-and-its-administrator-arrested-coordinated-international-operation">dismantled</a> an enormous botnet:</p>
<blockquote><p>According to an indictment unsealed on May 24, from 2014 through July 2022, Wang and others are alleged to have created and disseminated malware to compromise and amass a network of millions of residential Windows computers worldwide. These devices were associated with more than 19 million unique IP addresses, including 613,841 IP addresses located in the United States. Wang then generated millions of dollars by offering cybercriminals access to these infected IP addresses for a fee...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>The UK Bans Default Passwords</title>
		<link>https://noise.getoto.net/2024/05/02/the-uk-bans-default-passwords/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Thu, 02 May 2024 11:05:03 +0000</pubDate>
				<category><![CDATA[botnets]]></category>
		<category><![CDATA[Internet of Things]]></category>
		<category><![CDATA[passwords]]></category>
		<category><![CDATA[UK]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=68854</guid>

					<description><![CDATA[<p>The UK is the first country to <a href="https://therecord.media/united-kingdom-bans-defalt-passwords-iot-devices">ban default passwords</a> on IoT devices.</p>
<blockquote><p>On Monday, the United Kingdom became the first country in the world to ban default guessable usernames and passwords from these IoT devices. Unique passwords installed by default are still permitted.</p>
<p>The <a href="https://www.legislation.gov.uk/ukpga/2022/46/contents/enacted">Product Security and Telecommunications Infrastructure Act 2022</a> (PSTI) introduces new minimum-security standards for manufacturers, and demands that these companies are open with consumers about how long their products will receive security updates for.</p></blockquote>
<p>The UK may be the first country, but as far as I know, California is the first jurisdiction. It ...</p>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>No, Toothbrushes Were Not Used in a Massive DDoS Attack</title>
		<link>https://noise.getoto.net/2024/02/09/no-toothbrushes-were-not-used-in-a-massive-ddos-attack/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Fri, 09 Feb 2024 18:10:57 +0000</pubDate>
				<category><![CDATA[botnets]]></category>
		<category><![CDATA[denial-of-service]]></category>
		<category><![CDATA[fake news]]></category>
		<category><![CDATA[Internet of Things]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=68405</guid>

					<description><![CDATA[The widely reported story last week that 1.5 million smart toothbrushes were hacked and used in a DDoS attack is false.
Near as I can tell, a German reporter talking to someone at Fortinet got it wrong, and then everyone else ran with it without readin...]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>The Story of the Mirai Botnet</title>
		<link>https://noise.getoto.net/2024/01/16/the-story-of-the-mirai-botnet/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Tue, 16 Jan 2024 12:21:21 +0000</pubDate>
				<category><![CDATA[botnets]]></category>
		<category><![CDATA[history of security]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=68292</guid>

					<description><![CDATA[Over at Wired, Andy Greenberg has an excellent story about the creators of the 2016 Mirai botnet.
]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>When Apps Go Rogue</title>
		<link>https://noise.getoto.net/2023/08/30/when-apps-go-rogue/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Wed, 30 Aug 2023 13:39:33 +0000</pubDate>
				<category><![CDATA[Apple]]></category>
		<category><![CDATA[botnets]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=67732</guid>

					<description><![CDATA[<p>Interesting <a href="https://gizmodo.com/how-nightowl-for-mac-added-a-botnet-1850740785">story</a> of an Apple Macintosh app that went rogue. Basically, it was a good app until one particular update…when it went bad.</p>
<blockquote><p>With more official macOS features added in 2021 that enabled the “Night Shift” dark mode, the NightOwl app was left forlorn and forgotten on many older Macs. Few of those supposed tens of thousands of users likely noticed when the app they ran in the background of their older Macs was bought by another company, nor when earlier this year that company silently updated the dark mode app so that it hijacked their machines in order to send their IP data through a server network of affected computers, AKA a botnet...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>FBI (and Others) Shut Down Genesis Market</title>
		<link>https://noise.getoto.net/2023/04/05/fbi-and-others-shut-down-genesis-market/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Wed, 05 Apr 2023 15:55:02 +0000</pubDate>
				<category><![CDATA[botnets]]></category>
		<category><![CDATA[credentials]]></category>
		<category><![CDATA[cybercrime]]></category>
		<category><![CDATA[fbi]]></category>
		<category><![CDATA[law enforcement]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=67156</guid>

					<description><![CDATA[<p>Genesis Market is <a href="https://krebsonsecurity.com/2023/04/fbi-seizes-bot-shop-genesis-market-amid-arrests-targeting-operators-suppliers/">shut down</a>:</p>
<blockquote><p>Active since 2018, Genesis Market’s slogan was, “Our store sells bots with logs, cookies, and their real fingerprints.” Customers could search for infected systems with a variety of options, including by Internet address or by specific domain names associated with stolen credentials.</p>
<p>But earlier today, multiple domains associated with Genesis had their homepages replaced with a seizure notice from the FBI, which said the domains were seized pursuant to a warrant issued by the U.S. District Court for the Eastern District of Wisconsin...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>A Security Vulnerability in the KmsdBot Botnet</title>
		<link>https://noise.getoto.net/2022/12/15/a-security-vulnerability-in-the-kmsdbot-botnet/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Thu, 15 Dec 2022 12:10:05 +0000</pubDate>
				<category><![CDATA[botnets]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<category><![CDATA[vulnerabilities]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=66350</guid>

					<description><![CDATA[<p>Security researchers <a href="https://arstechnica.com/information-technology/2022/12/advanced-botnet-taken-down-by-an-all-too-human-flaw-syntax-error/">found</a> a software bug in the KmsdBot cryptomining botnet:</p>
<blockquote><p>With no error-checking built in, sending KmsdBot a malformed command­—like its controllers did one day while Akamai was watching­—created a panic crash with an “index out of range” error. Because there’s no persistence, the bot stays down, and malicious agents would need to reinfect a machine and rebuild the bot’s functions. It is, as Akamai notes, “a nice story” and “a strong example of the fickle nature of technology.”</p></blockquote>
...]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>New Sophisticated Malware</title>
		<link>https://noise.getoto.net/2022/05/04/new-sophisticated-malware/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Wed, 04 May 2022 11:15:24 +0000</pubDate>
				<category><![CDATA[backdoors]]></category>
		<category><![CDATA[botnets]]></category>
		<category><![CDATA[Malware]]></category>
		<category><![CDATA[threat models]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=65392</guid>

					<description><![CDATA[<p>Mandiant is <a href="https://arstechnica.com/information-technology/2022/05/how-hackers-used-smarts-and-a-novel-iot-botnet-to-plunder-email-for-months/">reporting</a> on a new botnet.</p>
<blockquote><p>The group, which security firm Mandiant is calling UNC3524, has spent the past 18 months burrowing into victims’ networks with unusual stealth. In cases where the group is ejected, it wastes no time reinfecting the victim environment and picking up where things left off. There are many keys to its stealth, including:</p>
<ul>
<li>The use of a unique backdoor Mandiant calls Quietexit, which runs on load balancers, wireless access point controllers, and other types of IoT devices that don’t support antivirus or endpoint detection. This makes detection through traditional means difficult.
...</li></ul></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>US Disrupts Russian Botnet</title>
		<link>https://noise.getoto.net/2022/04/07/us-disrupts-russian-botnet/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Thu, 07 Apr 2022 14:31:56 +0000</pubDate>
				<category><![CDATA[botnets]]></category>
		<category><![CDATA[fbi]]></category>
		<category><![CDATA[Malware]]></category>
		<category><![CDATA[national security policy]]></category>
		<category><![CDATA[russia]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=65307</guid>

					<description><![CDATA[<p>The Justice Department <a href="https://www.justice.gov/opa/pr/justice-department-announces-court-authorized-disruption-botnet-controlled-russian-federation">announced</a> the disruption of a Russian GRU-controlled botnet:</p>
<blockquote><p>The Justice Department today announced a court-authorized operation, conducted in March 2022, to disrupt a two-tiered global botnet of thousands of infected network hardware devices under the control of a threat actor known to security researchers as Sandworm, which the U.S. government has previously attributed to the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (the GRU). The operation copied and removed malware from vulnerable internet-connected firewall devices that Sandworm used for command and control (C2) of the underlying botnet. Although the operation did not involve access to the Sandworm malware on the thousands of underlying victim devices worldwide, referred to as “bots,” the disabling of the C2 mechanism severed those bots from the Sandworm C2 devices’ control. ...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Google Shuts Down Glupteba Botnet, Sues Operators</title>
		<link>https://noise.getoto.net/2021/12/09/google-shuts-down-glupteba-botnet-sues-operators/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Thu, 09 Dec 2021 15:36:22 +0000</pubDate>
				<category><![CDATA[Bitcoin]]></category>
		<category><![CDATA[blockchain]]></category>
		<category><![CDATA[botnets]]></category>
		<category><![CDATA[cybersecurity]]></category>
		<category><![CDATA[google]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=64623</guid>

					<description><![CDATA[Google took steps to shut down the Glupteba botnet, at least for now. (The botnet uses the bitcoin blockchain as a backup command-and-control mechanism, making it hard to get rid of it permanently.) So Google is also suing the botnet&#8217;s operators....]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Police Have Disrupted the Emotet Botnet</title>
		<link>https://noise.getoto.net/2021/01/28/police-have-disrupted-the-emotet-botnet/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Thu, 28 Jan 2021 12:02:00 +0000</pubDate>
				<category><![CDATA[backdoors]]></category>
		<category><![CDATA[botnets]]></category>
		<category><![CDATA[cybercrime]]></category>
		<category><![CDATA[law enforcement]]></category>
		<category><![CDATA[Malware]]></category>
		<category><![CDATA[Phishing]]></category>
		<category><![CDATA[ransomware]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=61859</guid>

					<description><![CDATA[<p>A coordinated effort has <a href="https://www.zdnet.com/article/emotet-worlds-most-dangerous-malware-botnet-disrupted-by-international-police-operation/">captured</a> the command-and-control servers of the Emotet botnet:</p>
<blockquote><p>Emotet establishes a backdoor onto Windows computer systems via automated <a href="https://www.zdnet.com/article/what-is-phishing-how-to-protect-yourself-from-scam-emails-and-more/">phishing emails</a> that distribute Word documents compromised with <a href="https://www.zdnet.com/article/what-is-malware-everything-you-need-to-know-about-viruses-trojans-and-malicious-software/">malware</a>. Subjects of emails and documents in <a href="https://www.zdnet.com/article/this-giant-botnet-has-just-sprung-back-into-life-pushing-a-big-phishing-campaign/">Emotet campaigns</a> are regularly altered to provide the best chance of luring victims into opening emails and installing malware ­ <a href="https://www.zdnet.com/article/phishing-warning-these-are-the-brands-most-likely-to-be-impersonated-by-crooks-so-stay-alert/">regular themes include invoices, shipping notices and information about COVID-19</a>.</p>
<p>Those behind the Emotet lease their army of infected machines out to other cyber criminals as a gateway for additional malware attacks, including ...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>US Cyber Command and Microsoft Are Both Disrupting TrickBot</title>
		<link>https://noise.getoto.net/2020/10/15/us-cyber-command-and-microsoft-are-both-disrupting-trickbot/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Thu, 15 Oct 2020 11:01:07 +0000</pubDate>
				<category><![CDATA[botnets]]></category>
		<category><![CDATA[microsoft]]></category>
		<category><![CDATA[national security policy]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=60321</guid>

					<description><![CDATA[<p>Earlier this month, we learned that someone is <a href="https://krebsonsecurity.com/2020/10/attacks-aimed-at-disrupting-the-trickbot-botnet/">disrupting</a> the TrickBot botnet network.</p>
<blockquote><p>Over the past 10 days, someone has been launching a series of coordinated attacks designed to disrupt Trickbot, an enormous collection of more than two million malware-infected Windows PCs that are constantly being harvested for financial data and are often used as the entry point for deploying ransomware within compromised organizations.</p>
<p>On Sept. 22, someone pushed out a new configuration file to Windows computers currently infected with Trickbot. The crooks running the Trickbot botnet typically use these config files to pass new instructions to their fleet of infected PCs, such as the Internet address where hacked systems should download new updates to the malware...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
	</channel>
</rss>

<!--
Performance optimized by W3 Total Cache. Learn more: https://www.boldgrid.com/w3-total-cache/

Object Caching 43/251 objects using Memcached
Page Caching using Disk: Enhanced 
Lazy Loading (feed)
Database Caching using Memcached

Served from: noise.getoto.net @ 2025-12-05 13:58:12 by W3 Total Cache
-->