Polish Registrar Shuts Down Multiple Domains Used by Virut Botnet

CERT Polska is doing everything it can to reduce the botnet's impact

January 19th, 2013 10:57 GMT

Security researcher Brian Krebs reveals that NASK, the Polish domain registrar in charge of .pl top-level domains, has shut down a number of domains used by the notorious Virut botnet.

According to Poland’s Computer Emergency Response Team, CERT Polska, the domain names have been used to spread and control the Virut malware.

“A number of domains in .pl, most notably zief.pl and ircgalaxy.pl, have been used to host Virut, its command & control IRC servers, as well as to host other malware including Palevo and Zeus,” CERT Polska explained.

“NASK, the operator of the Polish domain registry, took over 23 of these domains yesterday (Jan 17, 2013) in an effort to protect Internet users from Virut-related threats. Name servers for those domains were changed to sinkhole.cert.pl, controlled by CERT Polska – an incident response team operated by NASK.”

Earlier this week, Symantec reported that cybercriminals were using the Virut malware to download W32.Waledac.D, the malicious element that powered the Waledac (Kelihos) botnet. Experts found that each of the zombie machines infected with the Waledac malware was capable of sending out 2,000 spam emails per hour.

Symantec’s calculations reveal that around 3.6 billion spam emails can be sent out by Waledac in just one day.
