Mumba botnet hits US computers hardest

A recent white paper from AVG gives a comprehensive rundown on what it has dubbed the Mumba botnet, thought to be controlled by the Avalanche cybercriminal network. Of the 55 000 machines the company claims were infected, 33% reside in the US, followed by Germany (17%), Spain (7%), and the UK (6%).

According to the security firm, Mumba uses four different variations of the Zeus banking trojan, which is primarily used to pilfer banking data. AVG called Avalanche “one of the most sophisticated group[s] of cybercriminals on the internet” for its fast-flux network infrastructure, a mass-production system that deploys phishing sites and crimeware.

AVG says its research has uncovered more than 60 GB of stolen data on the Mumba server, including banking information, card numbers, emails, and account login info.

AVG, which has tracked the Mumba botnet since its release, says the first infection campaign began at the end of April with 35 000 compromised machines and has gradually grown to a total of 55 000 since.
