Friday 8 February 2008, 10:26 AM
Botnet more dangerous than Storm?
An article in Dark Reading warns of a Trojan aimed at corporate networks that can circumvent most anti-malware products. The Trojan and the botnet it is seeking to build have been called "Mayday" by security vendor Damballa, Dark Reading reports.
However, what seems to set this botnet apart is that it can communicate through an organisation's web proxy to download updates.
"MayDay uses a combination of techniques to communicate with its bots, including hijacking browser proxy settings, says Tripp Cox, vice president of engineering for [security company] Damballa," writes Dark Reading. "He says, 'It can communicate through an enterprise's secure Web proxy and conduct updates and attack activities' -- a unique method for a botnet.
The botnet uses two forms of P2P communications to ensure it can talk to its bots, including [encrypted] Internet Control Message Protocol (ICMP). 'This malware is for multiple protocols and is specifically designed to be successful despite whatever security controls might be' in place, Cox says."
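Command-and-control that rides an organisation's own web proxy blends into ordinary browsing, so the ICMP channel described above is often the more visible side from a defender's seat. The following is an added example, not code from the original post, from Damballa or from Dark Reading, of the kind of heuristic a network team can run over captured ICMP echo requests: per source host, it checks whether payloads are longer than a stock ping's and whether they stop matching a ping tool's default filler, both of which are typical of data being tunnelled inside ICMP. The host addresses and payloads are constructed for the demonstration; the length and ratio thresholds are assumptions to be tuned against a real baseline.

```python
import math
from collections import defaultdict

# Constructed ICMP echo-request records for the demonstration (not data from the page):
# (source_host, payload_bytes). A real deployment would feed these from a packet capture.
WINDOWS_PING_PAYLOAD = b"abcdefghijklmnopqrstuvwabcdefghi"  # 32-byte default Windows ping filler


def linux_ping_payload(timestamp: int) -> bytes:
    """Build a 56-byte Linux-style ping payload: 8-byte timestamp, then 0x10, 0x11, 0x12, ..."""
    return timestamp.to_bytes(8, "little") + bytes(range(0x10, 0x10 + 48))


def looks_like_standard_ping(payload: bytes) -> bool:
    """True when the payload matches a common ping tool's default filler (Windows or Linux style)."""
    if payload == WINDOWS_PING_PAYLOAD:
        return True
    if len(payload) >= 16:
        tail = payload[8:]  # skip the timestamp, then expect the ascending 0x10, 0x11, ... pattern
        return all(b == (0x10 + i) % 256 for i, b in enumerate(tail))
    return False


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; reported for context, not used as a hard rule because short
    payloads cap the achievable entropy and a stock Linux ping already looks fairly 'random'."""
    if not data:
        return 0.0
    n = len(data)
    counts = defaultdict(int)
    for b in data:
        counts[b] += 1
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def analyse_icmp(records, max_payload=64, nonstandard_ratio=0.5, min_count=3):
    """Aggregate echo-request payloads per source host and flag a host when it has sent at least
    min_count requests and either its mean payload exceeds max_payload bytes or more than
    nonstandard_ratio of its payloads do not match a stock ping filler (thresholds are assumptions)."""
    per_host = defaultdict(list)
    for host, payload in records:
        per_host[host].append(payload)
    report = {}
    for host, payloads in per_host.items():
        count = len(payloads)
        mean_len = sum(len(p) for p in payloads) / count
        nonstd = sum(1 for p in payloads if not looks_like_standard_ping(p)) / count
        mean_entropy = sum(shannon_entropy(p) for p in payloads) / count
        flagged = count >= min_count and (mean_len > max_payload or nonstd > nonstandard_ratio)
        report[host] = {
            "count": count,
            "mean_len": mean_len,
            "nonstandard_ratio": nonstd,
            "mean_entropy": round(mean_entropy, 2),
            "flagged": flagged,
        }
    return report


def suspicious_hosts(records, **kwargs):
    """Sorted list of source hosts the heuristics flagged for analyst follow-up."""
    return sorted(h for h, r in analyse_icmp(records, **kwargs).items() if r["flagged"])


# Constructed sample: one Windows host, one Linux host, and one host whose echo requests carry
# 200 bytes of non-filler data per packet (the shape an ICMP covert channel tends to leave).
SAMPLE_RECORDS = (
    [("10.0.0.5", WINDOWS_PING_PAYLOAD)] * 4
    + [("10.0.0.7", linux_ping_payload(1202466000 + i)) for i in range(3)]
    + [("10.0.0.9", bytes((i * 73 + 17 + k) % 256 for i in range(200))) for k in range(5)]
)

if __name__ == "__main__":
    for host, summary in analyse_icmp(SAMPLE_RECORDS).items():
        print(host, summary)
    print("flagged:", suspicious_hosts(SAMPLE_RECORDS))
```

A hit here is a lead, not a verdict: monitoring tools and some VPN clients also send non-stock ICMP payloads, and a tunnel that pads to ping-sized packets will slip under the length rule, so the output belongs in a triage queue alongside proxy logs rather than in an automatic block list.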
I heard whispers of a possible botnet to rival Storm last week, but a quick ring around of security vendors in Europe yielded no information - no-one I spoke to had heard anything.
Since then security vendor Symantec has put out a warning of a Trojan it has called "Daymay", although the risk level it has assigned it is "very low".
I'll keep an eye on this news as it develops.
Comments on this post
I wonder what it is that these people get out of unleashing these viruses,
I suspect some are linked to anti-virus companies, otherwise why would anyone risk going to jail if there is no benefit?
Sadly, there is a benefit to building these botnets. Amongst other things these are the systems which pump millions of spam emails into the internet pushing pump-and-dump shares, pen*s enlargement, a cocktail of non-recreational drugs and $100 of free money when you open an account at an online casino (or at least that is what I am being sent spam about at the moment). Look at it from their point of view. Send out a million emails for next to nothing and get a 0.01% take-up rate. That is still 100 new customers at next to no marketing cost. Sell them the fake drugs or get them to buy the worthless shares and you make your real killing. Sadly, there is a great deal of money in spam and that is why some very clever but morally bankrupt teams of individuals are putting so much time and effort into it. It is pure capitalism unconstrained by the law. Personally I think that until emails are filtered and held by ISPs using spam lists provided by organisations like Spamhaus and Spamcop, the problem will only get worse.
I received 38 emails today, 30 of them were spam, that is 79% spam. How much email pollution did you receive?