A security research firm has revealed that the Iranian Cyber Army has been running a massive botnet network that has infected 20 million computers worldwide.
The Iranian Cyber Army is the group responsible for the December 2009 defacement attacks on micro-blogging platform Twitter and Chinese search engine Baidu. The group at also attacked the European TechCrunch website in September 2010.
According to Seculert, the crime server used to orchestrate the attacks by the Iranian Cyber Army was exploiting several vulnerabilities at the same time, indicating at an exploit kit.
The company was able to discover the exploit kit’s administration panel, as well as its statistics page.
The primitive design of the administration panel and the statistics page indicated that it was being used only by the Iranian Cyber Army and not any other group. Usually, exploit kits sold in underground forums are used by several cyber gangs at once.
The title of the administration panel was 'Iranian.firstname.lastname@example.org', the same e-mail address used by the group in the attack.
“As we were able to track the use of this exploit kit back to August 2010, we can now extrapolate the number of machines that potentially got infected by this group of cyber criminals: 14,000 x 24hrs x 60days ~= 20 million infected machines!” the company said.