Media Coverage

Shadowserver in the news

EC3 in cooperative action to target Dridex banking malware

SC Magazine, October 14, 2015

EC3, NCA, FBI and a range of other bodies have targeted the Dridex banking malware, including using a sinkhole operation to sever communications between infected botnets and their controlling cyber-criminals.

FBI teams up with hackers to bust bank robbing botnet

CNN, October 14, 2015

On Tuesday, U.S. prosecutors announced a victory in the war on malware. American and British police have managed to stop a massive hacking operation that infected computers worldwide, stealing at least $10 million from the United States alone. Law enforcement — with the help of several cybersecurity firms — took control of a network of machines that distributed malicious software known as “Bugat,” “Cridex” or “Dridex.”

FBI and UK cops smash Dridex high-stakes bank-raiding botnet

ZDNet, October 14, 2015

Joint efforts by law-enforcement agencies in the US and UK have crippled an eastern European gang behind the bank credential-stealing botnet known as Dridex.

FBI takes down Dridex botnet, seizes servers, arrests suspect

The Register, October 14, 2015

The FBI has teamed up with security vendors to disrupt the operations of Dridex banking Trojan. Multiple command-and-control (C&C) servers used by the Dridex Trojan have been taken down and seized in a co-ordinated action after the FBI obtained court orders. The take-down operation is geared towards crippling the malware’s control network, which is used to upload stolen information to crooks behind the network as well as pushing instructions and software configuration to zombie nodes on the botnet. Attack traffic is being re-routed towards sinkholes under the control of an organisation called The Shadowserver Foundation.

Cops Knock Down Dridex Malware That Earned 'Evil Corp' Cybercriminals At Least $50 Million

Forbes, October 13, 2015

A strain of malware called Dridex has been making Eastern European cybercriminals a significant amount of money in recent years. But a spanner has been thrust into their machinations by a global law enforcement action announced today that saw one significant arrest and an attempt to dismantle the crook’s infrastructure.

Researchers discover many more Cisco routers infected with malicious firmware

PC World, September 21, 2015

Attackers have installed malicious firmware on nearly 200 Cisco routers used by businesses from over 30 countries, according to Internet scans performed by cybercrime fighters at the Shadowserver Foundation.

Attack on Cisco routers just got a lot bigger

Fortune Magazine, September 21, 2015

Previously, cyber security firm FireEye reported that only 14 Cisco routers of companies in India, Philippines, Mexico, and the Ukraine were infected with the malware. Monday’s report by the Shadowserver Foundation, however, shows that compromised routers can now be found in 31 countries, with 65 of the devices located in the United States.

AusCERT 2015 awards night

Computer World, May 15, 2015

SA government, Shadowserver Foundation and Let’s Encrypt recognised for contributions to cyber security

Bank of the Underworld

The Atlantic, May 15, 2015

Liberty Reserve was like PayPal for the unbanked. Was it also a global money-laundering operation?

Is your PC a part of botnet? Check it!

Kaspersky, April 13, 2015

Many people still think that malware is a software that completely disrupts normal functioning of PCs. If your computer is working tip-top, it means it’s not infected, right? Wrong. Malware creators are not your bored cyber-cowboys anymore. The main goal of cybercriminals is not to make a cyber-badaboom just for kicks, but to earn money. In many cases this goal dictates completely opposite behaviour of malware: the best one is the least visible to users.