Czech specialists uncover malicious botnet targeting individual internet users, small businesses

16-02-2010

Czech security experts announced on Monday they had uncovered a global botnet allowing hackers to steal private information by tapping private modems and other computer devices. The viral network, dubbed “Chuck Norris” after the brawny Hollywood star, was used to gain everything from banking passwords to personal info. It is only the second time Czech experts have seen such a system in use; they said on Monday that individual users and small businesses were at the greatest risk.

US actor Chuck Norris has been the subject of countless memes on the Internet, and now unknown perpetrators have stolen his name for their secret botnet. Humorous as it may seem, it’s no laughing matter, as Czech specialists at Masaryk University in Brno, in conjunction with security experts at the Defence Ministry and the University of Defence, revealed on Monday. The botnet (spread across Europe to as far as South America and China) was tapping modems and other computer devices to steal and control sensitive data. The country’s Defence Ministry confirms that users relying on modems are at risk if they fail to change the original security data, in other words the manufacturers’ default settings. Lucie Kubovičová is the spokeswoman for the Czech Defence Ministry:

“The threat level by the virus is high: the infected devices – ADSL modems and SOHO Internet access point devices do not use anti-virus programmes and are not protected. The hackers want to have power over these devices, they want to tap private information, or they want to use the botnet to attack other targets in the future.”

Jan Vykopal, who headed the project at Masaryk University, says it is not the first time hackers have tried such a botnet, but that this one in particular is more developed than a previous attempt.

“It’s the second time: in early 2009 there was a first attempt to abuse small home office devices for these purposes but what we are seeing now is more sophisticated and this attack has more impact all around the world.”

According to Jan Vykopal, it will be notoriously difficult for officials in different countries to find the perpetrators: the original central server was believed to have been in Italy, but it has since shut down. Other indicators lead to France. The problem is that a malicious botnet like ‘Chuck Norris’ can be operated from anywhere in the world.

“They can use stepping stones, kinds of computers that they compromise and abuse to conduct these attacks.”

So it’s difficult to find the real source?

“Yes, it’s hard to discover the identities of the attackers.”

Finally, if you’re wondering how they learned that the malicious botnet was named after that famous actor, Jan Vykopal also told me a little about that:

“In the binary numbers, in the source code of this bot, we found the statement ‘Ine nome di Chuck Norris’ – In the name of Chuck Norris in Italian. So the programmer evidently liked this TV hero.”