Posted 11/12/09 at 01:15:35 PM by Paul Lilly
Trend Micro has issued a warning that the Koobface botnet has begun pushing out a new component capable of automatically registering a Facebook account and confirming an email address in Gmail to activate the fake persona. Once Koobface becomes part of the social network's community, it begins randomly joining Facebook groups, adding friends, and posting messages to people's walls.
"Overall, this new component behaves like a regular Internet user that starts to connect with friends in Facebook," says Trend Micro. "All Facebook accounts registered by this component are comparable to a regular account made by a human. The details provided about the account are complete such as a photo, birth date, favorite music, and favorite books, among others. In addition, every account registered is unique in such a way that the details vary for every account registered."
That's pretty wild, and it's done using Internet Explorer to create and register the account, according to Trend Micro. But what's interesting is that the Koobface botnet halts its dastardly deed if the affected user is kicking it old school with IE6.
So how do you avoid being duped by a fake friend? You could become a loner, but that might get, well, lonely. Common sense applies - be sure you know who it is you're adding. And as usual, be wary of clicking on links. Trend Micro says the messages posted through Facebook's wall contain a link that leads to the fake Facebook or YouTube page hosting the Koobface loader component.
Posted 11/10/09 at 06:30:15 PM by Ryan Whitwam
Security firm FireEye has reportedly struck a massive blow against spam. The so-called “Mega-D” or “Ozdok” spam botnet was effectively dismantled by these intrepid security researchers. After studying the beast, FireEye launched an attack by notifying ISPs, having command and control (CnC) domains removed, and then registering unused CnC domains.
Almost immediately, the spam ceased. No small feat, considering Ozdok was probably responsible for one third of the world’s spam. This takes the load off ISPs which were forced to filter the spam from this botnet. Individual users probably won’t notice much difference.
FireEye found that over 246,000 zombie machines were reporting to the CnC domains in their possession after the takedown. The security firm plans to work with ISPs to identify the owners of the PCs so they may remove the malicious software.

Posted 10/22/09 at 08:06:10 PM by Bart Salisbury

Human ingenuity is endlessly fascinating. Offer a guy a penny to do a task, and he’ll turn you down, no matter how simple. But give him a computer and let him write some code that will do it automatically, and he’ll take you to the cleaners.
Botnets, those pesky little creatures that perform automatic tasks, are not only becoming more commonplace, they are becoming more sophisticated. These nasty little beasties are now being used in ever more cunning ways to suck income out of unsuspecting advertisers and search engines through click fraud. According to Click Forensics, botnets accounted for 42.6% of all click fraud in the 3rd quarter of 2009, a nearly twofold increase over the same period in 2008.
You have to admire the ingenuity. One botnet, “Bahama,” carefully mimics natural searches to make them look real, and hence harder to detect. The botnet’s name comes from it redirecting traffic through some 200,000 parked domains in the Bahamas. Ultimately, the origins of the botnet were traced to the Ukrainian Fan Club, known as “online fraudsters,” and most likely comprised of guys hygienically unable to date.
Most botnet activity comes from outside the United States: the United Kingdom, Vietnam, and Germany being the top three. Germany and Vietnam I can understand, but the United Kingdom? I’ve been there. They aren’t that clever. They put a lemon wedge in a Corona.
Posted 08/03/09 at 05:10:12 PM by Paul Lilly
Scientists at Sandia National Laboratories in Livermore have set up a supercomputing cluster of over 1 million Linux kernels as virtual machines. They did so in hopes of better understanding how botnets operate.
"The sheer size of the Internet makes it very difficult to understand in even a limited way," said Ron Minnich, one of the researchers. "Many phenomena occurring on the Internet are poorly understood, because we lack the ability to model it adequately. By running actual operating system instances to represent nodes on the Internet, we will be able not just to simulate the functioning of the Internet at the network level, but to emulate Internet functionality."
Making the project possible, Sandia utilized its Albuquerque-based 4,480-node Dell high-performance computer cluster, known as Thunderbird. It took 250 virtual machines coupled with the physical units in Thunderbird to run the over one million Linux kernels. And this is just the beginning.
"It has been estimated that we will need 100 million CPUs by 2018 in order to build a computer that will run at the speeds we want," said Minnich.
Posted 07/20/09 at 12:55:51 PM by Paul Lilly
You knew it would happen sooner or later; we're just a little surprised it took this long for hackers to release a botnet running on mobile phones. According to Symantec, a piece of malicious software called Sexy Space may be the first documented case.
Like most botnets, Sexy Space relies on quite a bit of user interaction to be effective. Those who ultimately become a zombie in the botnet first receive a text message saying "A very sexy girl, Try it now!" Inside the message is a link that must be clicked, which then asks the potential victim to download software. The software then scours through the user's contact list and sends an SMS with the same message to each person.
Symantec says that this particular botnet is being controlled by a central server, but it remains unclear whether or not the phones respond to remote commands.
We're undoubtedly preaching to the choir on this one, but be wary of any rogue text messages, especially when they ask you to click a link and download software.
