Score one for the good guys
A researcher from BrilliantIT recently figured out how infected computers connect to EITest's command and control server and, using that information, was able to bring down the entire network.
If you haven't heard of EITest before, the true significance of that statement might not be registering.
EITest first appeared in 2011. In its original incarnation, it was little more than an annoyance. It was a collection of compromised servers used to direct web traffic to poisoned websites, where the owners could infect unsuspecting users with their homegrown malware.
In 2013, EITest's owners got savvy, relentlessly grew their network to more than 52,000 compromised machines, and started renting it out to hackers around the world to drive traffic to their poisoned websites. This unleashed a torrent of wildly destructive malware. Ever since, it's been a thorn in the side of IT professionals everywhere.
How the hackers were sunk
Using the crack discovered by BrilliantIT, researchers were able to redirect all traffic to a sinkhole, effectively shutting the network down altogether.
Since then, it appears that the hackers have made one half-hearted attempt to regain control of their network and then apparently given up on the idea.
While this is undeniably good news, EITest isn't the only traffic distribution network on the Dark Web, and even if the hackers have given up on the idea of recovering access to their old network, there's nothing stopping them from building a whole new one. That's not to undercut the significance of the victory here, but rather, merely to point out that it's a temporary win and reprieve, at best. They'll be back. They always come back.
Our perspective
Good news is rare on the security front, and when it is found, we should all take a moment to celebrate. Kudos to the team at BrilliantIT!
Thanks for reading this short post. For more tips on thriving with small business technology, check out the other blog posts at DWPia Blogs. I am also available at dwpia on LinkedIn, at dwpia on Facebook, and @dwpia on Twitter.
Denis S Wilson
I am President and Principal Consultant for DWP Information Architects, specializing in managed IT support for smaller, fast-growth companies in Greater Los Angeles. I have created cost-effective IT solutions, including managed IT support systems, for small business for over 20 years, specializing in cybersecurity and regulatory compliance. I am also a published author and speaker, working extensively with organizations that include the State of California, the Federal Bureau of Investigation (FBI), the Small Business Administration (SBA), SCORE, Women's Business Centers, and Small Business Development Centers, as well as providing small business technology education programs to business and professional associations.