botnet

New Windows worm builds massive botnet

Paul Mah — Tue, 02 Dec 2008 04:48:05 -0500

A critical bug patched by Microsoft in an emergency fix in late October has been exploited to build a new, massive botnet. Ivan Macalintal, of Trend Micro, thinks that about 500,000 PCs have been infected in just a week and a half, with the number starting to grow. Article

Security software has gaps

Judi Hasson — Sat, 29 Nov 2008 13:22:43 -0500

Security systems certainly have improved over time, but it is estimated that only about 40 percent of the anti-virus software programs actually can detect binaries during the period of greatest danger, the first few days when a variant starts being used by botnet builders. Stuart Staniford, chief scientist for FireEye, ran a test to see why the detection systems were being evaded. He uploaded a sample of 217 binaries culled from FireEye appliances on customer premises, and ran 36 anti-virus programs.

About half of the binaries picked up by FireEye were unknown to detection systems. Staniford said malware often uses 'polymorphisms'-- programs that are constantly changed very slightly to evade binary pattern detection. He said this makes it important that anti-virus programs can spot malware in the first week of its use. "The sample is likely to get discarded by the bad guys pretty soon after that," he told PCWorld.com.

For more on anti-virus security:
- see this PCWorld.com article

Related Articles:
IT security news from FierceCIO

Dutch botnet masters arrested

Paul Mah — Tue, 05 Aug 2008 05:35:45 -0400

Two brothers suspected of assembling a botnet of between 40,000 and 100,000 zombies have been arrested by the Dutch police. The younger brother was only a 16 years old, while the older brother is 19. Apparently, the FBI have been investigation the brothers for a while before contacting the Dutch authorities about it. The brothers were arrested after a transaction in which control of the botnet was sold to a 35-year-old man in Brazil for a cool €25,000. The purchaser is now awaiting extradition to the United States. It is not known what the man intended to use the botnet for.

To read up more on this story:
- check out this article from The Register

Watch out for Valentine's Day spam

Thu, 14 Feb 2008 06:59:59 -0500

The potential for email spam on Valentine's Day is so great that even the FBI is getting involved. "With the holiday approaching, be on the lookout for spam e-mails spreading the Storm Worm malicious software," the FBI said in an alert posted to the home page of its Web site on Feb. 12. "The Storm Worm virus has capitalized on various holidays in the last year by sending millions of e-mails advertising an e-card link within the text of the spam e-mail. Valentine's Day has been identified as the next target."

The FBI was late in issuing its warning, according to an article in ComputerWorld. For several weeks, security vendors have been warning that the worm would use this romantic holiday to trick computer users into opening attachments or clicking links, letting the culprits in the door. Last year, the botnet Trojan made its first splash in January 2007, and researchers have long expected its return this Valentine's Day as well.

That's exactly how things have played out in the days leading to Feb. 14. Trend Micro's David Sancho spelled it out in a post to the company's blog on Monday, giving employees a short warning of what might be coming instead of flowers and chocolates. "The spammed e-mail messages are just plain text, but contain links that lead to malicious Web sites displaying one of eight cute Valentine images," Sancho said. "If you run the executable named 'valentine.exe,' your system will join the Storm botnet to start spamming other Internet users." "Not very loving of them," Sancho concluded.

For more on Valentine's Day spam:
- See this ComputerWorld article

SPOTLIGHT: Worm authors making millions

Tue, 12 Feb 2008 06:59:52 -0500

As if you didn't already have enough reasons to hate the authors of the recurring "Storm Worm," IBM has estimated that that the worm makes as much as $2 million a day by renting out its extensive botnet to spammers. Article

Is your VoIP network secure?

Thu, 10 Jan 2008 06:59:58 -0500

Got VoIP security? Well if you don't, this may be the year that you see the first serious attacks on your VoIP networks. It may also be the year that the forthcoming presidential election and Olympic games face serious hacking attacks. The year 2008 is expected to be dominated by security issues, and that is no surprise. While you may not be anywhere near the Olympics, your systems may feel the impact of an attack. You may think you have the very best security, but you may not. Also on tap are Storm-like botnets with decentralized command-and-control structures that make them much tougher to stop, said Craig Schmugar, researcher at McAfee. "Storm is a trend setter," Schmugar said of the infamous botnet that traces back to a network attack launched one year ago. "A lot of the spam we see is coming across Storm-compromised machines." McAfee also predicts waves of malware looking for specific files and embedding themselves. It may not sound like the soap opera, "As the World Turns," but be prepared!

For more on this year's security threats:
- See Network World article

Cybercrime on the rise

Mon, 03 Dec 2007 07:00:00 -0500

The FBI recently announced the arrest and prosecution of several cybercrime cases against individuals accused of defrauding banks, companies and consumers. It is part of an FBI probe called "Operation Bot Roast." And it is just the beginning of a crackdown into the compromise of two million PCs attacked by at least 10 individuals.

It's pretty scary when you look at the kind of cases being prosecuted. A 21-year-old student at the University of Pennsylvania was recently indicted for orchestrating attacks from a botnet of 50,000 PCs against various online chat networks. The scheme had a very far reach--the student was charged with working with an individual from New Zealand. Meanwhile, a 27-year-old Tacoma, Wash., resident pleaded guilty in September to maintaining a botnet of hundreds of thousands of compromised PCs. He rented them out to spammers and people who wanted to use the bot network to take websites offline.

There are plenty of others, too. This may sound a bit like Bonnie and Clyde or the Wild West, but the reality is these are now new types of crimes that did not exist a decade ago. It's important for every CIO to remember that your network is not just your own. You probably keep your door locked at night and park your car in a safe location. With these new kind of cybercrimes, it's important to remember that law enforcement may not know what is coming next until a successful attack has been launched. Will you be the next victim?

ALSO: For a look at what's coming down the road for CIOs, check out this week's special report on eDiscovery, a legal issue that involves preserving and keeping track of electronic documents, including email, in the event of a court order to turn the material over in a lawsuit.-Judi

eBay CISO: Online attacks getting worse

Thu, 04 Oct 2007 06:59:59 -0400

If you think online attacks and phishing are getting worse, you're correct--at least according to Dave Cullinane, eBay's chief information and security officer. On Tuesday, at a Microsoft-sponsored security symposium at Santa Clara University, Cullinane said that today's attacks are getting much harder to detect. "The phishing e-mails I see are extremely sophisticated." Even the grammar is improving in phishing attacks and he suggested that malware developers are being funded to develop new and improved attacks. He noted that many of these phishers are using Linux machines due to the platform's reliability and strength in running server software. eBay recently went thorough an internal analysis of its threat condition and found a large number of hacked, botnet computers, he said.

For more on the state of security at eBay:
- see the article in Infoworld

The march of the botnets

Wed, 18 Apr 2007 20:01:38 -0400

Botnets, networks of hundreds or even thousands of infected machines, aren't going away anytime soon. They can be used to wreak real havoc, including spamming and theft of financial and identity-related data, but they are capable of much more. They are on the brink of a technological leap to more resilient architectures and more sophisticated encryption that includes peer-to-peer networks that will make it much harder to track, monitor and disable them. With a P2P botnet, there is no centralized point for command and control. Each node in the network acts as both client and server, eliminating the central chokepoint. Individual nodes can be knocked offline, but the gaps in the network will be closed without the loss affecting the botnet's operation or the attacker's control. One of the most efficient ways for enterprises to address the bot problem is to blacklist malicious sites and hosts and block access to them. Botnet watchers are also seeing a trend toward stronger encryption, which is used by attackers to ensure that bots added to the network are in fact legitimate, as opposed to being nodes belonging to researchers working to infiltrate a botnet and block it or take it down.

Read more about the threat of botnets:
- read the article at eWeek

ALSO: read this on how trojans bolster botnet powers

Botnet threat demands attention

Sun, 07 Jan 2007 19:01:38 -0500

Consider this statistic: botnet malware is currently living on 11 percent of the 650-plus million PCs online today, most of them Windows-based computers. As one computer scientist describes it, it's an "insidious" threat that still isn't getting the attention, or respect, it requires, as botnet activity is only expected to keep growing each year. According to a security expert, businesses are currently losing the war in fighting such data threats.

For more on why botnets demand greater scrutiny:
- read the article at the New York Times