Trojan virus sets up multiple botnets
June 8, 2005
Thor Larholm, senior security admin at PivX Solutions, said the complex botnet originators have elected not to use major network viruses and have instead turned to very small and sporadic attacks. "We're not seeing the Sasser and Slammer attacks anymore. We're now seeing these worm variants infecting just twenty or thirty machines at a time. The attacks are smaller and the botnets are limited, and that allows them to stay under the radar for the most part," he said.
Both Thompson and Larholm said they see a direct connection between the botnets-for-rent and the adware/spyware scourge. "Botnets are not just for spamming anymore. They are being rented to install spyware," Larholm said.
He said the complicated affiliate schemes that pay commissions based on spyware installs have created a lucrative market for botnet controllers.
Computer Associates' Thompson agreed. "I think that the adware component is becoming clearer, particularly on the bigger botnets. Whenever someone yells at the adware providers, they blame the affiliates. Well, that's the problem. The affiliates are using criminal means to install spyware, and these botnets are a key part of the puzzle."
Andrew Jaquith, security analyst at Yankee Group Research Inc., said the notion of purchasing the use of botnets, or zombie grids, is well-known in the industry. "There's a sharp uptake in the amount of spam being generated by these zombies. It's pretty well-organized," Jaquith said.
"I see this particular malware cocktail as being more evolutionary than revolutionary. The so-called 'blended threat' that it represents is just a combination of existing techniques, updated and tweaked," Jaquith added.
He said he had independent information that zombies are rented out for illegal use and said Computer Associates' assertion of a 5 cents-per-machine market price is quite eye-opening.
"What's interesting about the general trend in malware such as this is that the goal is not to do damage on the victim's system per se, but to enlist it in the attacker's zombie network," Jaquith said.
"It's more useful to the bad guys to leave their targets alive. All Granny's going to notice is that her computer is running slowly while, unbeknownst to her, it's blasting out spam or assisting in a denial-of-service attack."
Even worse, CA's Thompson said, "I think the bad guys are in danger of winning."
"Here we have people who understand how anti-virus works and are smart enough to release multiple approaches to get the 'seeds' through. This wasn't your usual mass-mailer," Thompson said.
Shane Coursen, senior technology consultant at Kaspersky Lab, said CA's theory of a small band of organized criminals is very credible. "We're seeing all kinds of coordination and communication between Trojans, botnets and virus writers."
In an interview, Coursen said there's a massive race among malicious hackers to build and control massive botnets. "It's a very lucrative business, so this is not a surprise at all."
With the rapid proliferation of new types of virus, Trojan and worm attacks, PC users are urged to be strict about following security guidance.
This includes never opening and executing file attachments from unknown sources. Even if the source of the attachment is known, a good rule of thumb is to double check with the sender to make sure it is a legitimate file.
Microsoft Corp. offers detailed information on how to protect against viruses. This includes applying security patches in a timely manner and using an Internet firewall. For computers running Windows XP SP2 (Service Pack 2), Microsoft suggests turning on automatic updates and using the Windows Firewall that is enabled by default.
It is also important to subscribe to industry standard anti-virus software and to keep updates current.
Microsoft also offers free clean-up tools, including a malicious software removal tool and an anti-spyware application.
Symantec Corp. also provides a free removal tool for the Bagle virus and its variants.
Source: C-Net News