Dutch police have announced the arrests of the alleged author of W32.Toxbot and two alleged accomplices. Toxbot has been implicated in the creation of a botnet consisting of over 100,000 infected computers, reportedly used to steal bank, credit card, and PayPal account information.
W32.Toxbot is an IRC backdoor Trojan that logs keystrokes in order to steal passwords and other sensitive information. The Toxbot Trojan also acts as a downloader, allowing it to remotely retrieve other malware (malicious software) and further infect the system. The Trojan can also end processes related to antivirus and other security software, leaving the infected system vulnerable to further compromise.
W32.Toxbot spreads via the following security exploits:
- SQL Server Privilege Escalation vulnerability (MS02-061)
- ntdll.dll buffer overflow vulnerability (MS03-007)
- RPC/DCOM buffer overrun vulnerability (MS03-026)
The names of the accused have not yet been released. The alleged author was said to be 19 years of age, and his accomplices 22 and 27. The three are also suspected of blackmailing an unnamed US company, threatening the company with a DDoS attack, presumably to be launched from their Toxbot botnet.
To see whether you've been an unwitting participant in the Toxbot botnet, scan your system with one of these top-rated antivirus scanners to detect and remove W32.Toxbot.

