Ramnit Botnet Extends Infection Reach To Over 28 Countries and 500,000 Computers

Posted on March 11, 2015 by .

Share and Enjoy:
Follow Me on Pinterest More More

The Ramnit malware threat, which has recently evolved into a dangerous botnet, is extending its presence across the world infecting hundreds of thousands of computers. The systems infected with Ramnit may be used to exploit online banking accounts, much like how other well-known botnets have done in the past.

Among many of the banking theft botnets, Ramnit is a bit late to the game getting its start in 2010, then recognized as a computer worm threat. Now, after an update through as many as two command and control servers, Ramnit has the ability to shut down security applications including all security components of Windows.

The expansion of Ramnit tends to lead experts down a path where such an infection may reach over a million computers before it is stopped in its tracks. Because of the unsurpassed sophistication of Ramnit, it has an upper hand to evade tracking and detection.

Dynamic IPs used by Ramnit on infected systems makes it difficult to track them down. Additionally, in the past six months Microsoft researchers have seen more than 500,000 systems become infected making the growth rate of Ramnit rather alarming.

The vast spread of Ramnit has reached more than 28 countries, and that number is bound to go up. Among those 28 countries, the most compromised systems reside in Indonesia with about 90,925 in total accounting for 26.27% according to Symantec’s data in recording this infection thus far. India is second in line with 80,144 infections at a 23.16% rate with Vietnam at 37,708 and a 10.03% rate with Algeria at 5.73% and Thailand at 4.84% completing the top 5 locations.

Other regions of the world account for 23 countries where Ramnit has reached, including the UK Egypt, Philippines, Saudi Arabia, Pakistan, Iran, Azerbaijan, Morocco, Nepal, Nigeria, Malaysia, Romania, Yemen, Russian Federation, Turkey, Mexico, China, Brazil, Myanmar, Palestinian Territory, and Mongolia.

From the extensive list of countries showing no rhyme or reason for the locations, Ramnit’s operators have no desire to focus in on a specific target location. However, it may be prudent to mention that attackers behind sophisticated botnets like Ramnit may exploit systems that prove to be more vulnerable than others, which could lead them down a path to virtually any location in the world.

Popularity: 13%


Leave a Reply

*
To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
Click to hear an audio file of the anti-spam word