Botnets

[impar]

Greetings!

Fighting Storm with smog: researchers pollute botnet
...
The research team reverse-infiltrated Storm by deliberately allowing the botnet to infect a series of honeypots. Once infected, the honeypots become launch points for the researcher's own payload. Along the way, the team was able to estimate the number of infected systems by actively tracking P2P activity rather than passively observing the total amount of spam flowing out of a single botnet.

[impar]

Greetings!

Preparing for cyber warfare: US Air Force floats botnet plan
...
But in the Internet era, the technical realities associated with carrying out cyber warfare on a largely civilian network infrastructure dictate that if you build a massive military botnet aimed at shutting down enemy networks with distributed denial-of-service (DDoS) attacks, then you can expect that the public will find out what you're up to sooner or later. And they may not be all that happy about it.

Hence articles like the one that Col. Charles W. Williamson III recently published in the Armed Services Journal (via Slashdot), wherein he tries to make the public case for a military botnet as a prelude to actually building such a beast and placing it under the Air Force's control. Williamson's article fleshes out a number of things that have been hinted at so far in the ongoing public relations offensive that has followed the official unveiling of the new Air Force Cyber Command (AFCYBER).

[impar]

Greetings!

Zombie botnets continue to defy containment attempts

The anti-malware manufacturer Commtouch released its quarterly update on the state of spam in Q2 of 2008 earlier this week. The report (PDF) runs some 15 pages, but the company's overall message is considerably more succinct. In the war between the forces of good anti-malware and evil malware, we (the good guys) aren't making much headway.

[impar]

Greetings!

Dutch arrest botnet supplier
...
Acting on an FBI tip, Dutch police arrested 19-year-old after he handed over the control code in the northern Dutch city of Sneek. Apparently, a 35-year-old buyer paid euro 25,000 for the network, which included some 100,000 U.S. and Dutch computers.

[impar]

Greetings!

Adobe, Kaspersky warn of botnet worm spreading via social networks

The maker of Flash and the leading security lab said earlier this week that a worm first discovered last Thursday is being spread through social networks disguised as a update to Flash Player.

[impar]

Greetings!

Police nab Shadow creators, force botnet to commit suicide

The Dutch High Tech Crime Unit has arrested a 19 year-old man and his 16 year-old brother and charged them with operating (and attempting to sell) the Shadow botnet. Shadow was created by the two brothers, and is currently thought to infect some 100,000 machines, down from a peak of 150,000. Shadow appears to have been mostly confined to the Netherlands, as the messages and phishing hooks were all sent in Dutch, but had apparently infected some US systems as well, as the FBI is credited for assisting on the case.

The arrests actually occurred several weeks ago, on July 29, but it's what happened afterwards that has made this situation interesting. Instead of simply shutting the botnet down, the High Crime Tech Unit took control of it. Once Shadow was secured, the police contacted Kaspersky Labs about providing a means to neutralize the malware. Kaspersky has made their fix public, and will also deploy the instructions over the Shadow botnet itself.

[impar]

Greetings!


Botnets activity saw sudden, unexplained surge over summer

The total number of zombiefied computers on the Internet often jumps or craters with alacrity, depending on what malware and anti-malware products are currently prowling the tubes. New data from the past 90 days, however, indicates that the total number of botnets (and the size of each botnet) have both been rising steadily since early July. At present, total botnet size is nearly five times what it was three months ago, but information on why this surge has occurred remains elusive.

[impar]

Greetings!

Facebook App Creates Botnet

Researchers successfully created a zombie botnet out of Facebook users that install a rogue application. They created an app called “Photo of the Day” and it ostensibly showed a new photo from National Geographic each day on the user’s Facebook page. Follow the jump to see what the app actually did to create a denial of service attack. Facebook downplayed it of course but their reasoning seems flawed to me.

[impar]

Greetings!