Score one for the good guys. A researcher from BrilliantIT was recently able to figure out how infected computers would connect to EITest’s command and control server, and using that information, was able to bring down their entire network.
If you haven’t heard of EITest before, the true significance of that statement might not be registering.
EITest first appeared in 2011. In its original incarnation, it was little more than an annoyance. It was a collection of compromised servers used to direct web traffic to poisoned websites, where the owners could infect unsuspecting users with their homegrown malware.
In 2013, EITest’s owners got savvy, relentlessly grew their network to more than 52,000 compromised machines and started renting their network out to hackers around the world to drive traffic to their poisoned websites. This unleashed a torrent of wildly destructive malware. Ever since, it’s been a thorn in the side of IT professionals everywhere.
Using the weakness BrilliantIT discovered, researchers were able to redirect all of the network's traffic to a sinkhole, effectively shutting it down altogether.
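To show what "redirecting traffic to a sinkhole" means in practice, here is an added example that is not from the original post and not BrilliantIT's code. A sinkhole answers lookups for a botnet's command-and-control names with an address the defenders control, so infected machines report to the researchers instead of the attackers; the same mechanism inside a corporate network flags every host that asks for a sinkholed name. All domain names, addresses and log lines below are constructed placeholders, not real EITest infrastructure.

```python
"""Added example: a minimal DNS sinkhole policy with infected-host reporting.

Every domain, IP address and log line here is a constructed placeholder.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address

SINKHOLE_IP = "10.0.0.250"  # constructed: the defenders' sinkhole server

# Constructed placeholder blocklist; a real deployment would load a threat feed.
SINKHOLED_DOMAINS = {
    "c2-example-placeholder.invalid",
    "traffic-gate-placeholder.invalid",
}


@dataclass
class SinkholeResolver:
    """Answers queries, rewriting sinkholed names and recording who asked."""
    sinkhole_ip: str = SINKHOLE_IP
    blocklist: set = field(default_factory=lambda: set(SINKHOLED_DOMAINS))
    upstream: dict = field(default_factory=dict)   # constructed "real" DNS answers
    hits: list = field(default_factory=list)       # (client_ip, qname) pairs seen

    def is_sinkholed(self, qname: str) -> bool:
        # Match the listed domain itself and anything beneath it (sub.c2.invalid).
        name = qname.rstrip(".").lower()
        return any(name == d or name.endswith("." + d) for d in self.blocklist)

    def resolve(self, client_ip: str, qname: str) -> str:
        """Return the address a client receives; sinkholed names get the sinkhole."""
        ip_address(client_ip)  # reject malformed client addresses early
        name = qname.rstrip(".").lower()
        if self.is_sinkholed(name):
            self.hits.append((client_ip, name))
            return self.sinkhole_ip
        return self.upstream.get(name, "0.0.0.0")  # 0.0.0.0 stands in for "no answer"

    def infected_hosts(self) -> list:
        """Distinct client addresses that asked for a sinkholed domain."""
        return sorted({client for client, _ in self.hits})


def replay_query_log(lines, resolver):
    """Feed 'client_ip qname' log lines through the resolver; return infected hosts."""
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        client, qname = line.split()[:2]
        resolver.resolve(client, qname)
    return resolver.infected_hosts()


# Constructed sample log: four clients, two of which look up sinkholed names.
SAMPLE_LOG = """
# client_ip qname
192.0.2.10 www.example.com
192.0.2.11 c2-example-placeholder.invalid
192.0.2.12 update.example.net
192.0.2.11 c2-example-placeholder.invalid
192.0.2.13 cdn.traffic-gate-placeholder.invalid
""".splitlines()


if __name__ == "__main__":
    r = SinkholeResolver(upstream={"www.example.com": "198.51.100.1"})
    print("infected hosts:", replay_query_log(SAMPLE_LOG, r))
    # → infected hosts: ['192.0.2.11', '192.0.2.13']
```

The subdomain match in `is_sinkholed` matters: malware often rotates hostnames under one registered domain, so a sinkhole that only matched the exact name would miss most of the traffic. The `hits` list is the part defenders actually act on, since each entry is a machine that tried to reach the botnet.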
Since then, it appears that the hackers have made one halfhearted attempt to regain control of their network, and then apparently gave up on the idea.
While this is undeniably good news, EITest isn’t the only traffic distribution network on the Dark Web, and even if the hackers have given up on the idea of recovering access to their old network, there’s nothing stopping them from building a whole new one. That’s not to undercut the significance of the victory here, but rather, merely to point out that it’s a temporary win and reprieve, at best. They’ll be back. They always come back.
Good news is rare on the security front, and when it is found, we should all take a moment to celebrate. Kudos to the team at BrilliantIT!