Tag Archives: botnet

Storm Botnet Bounces Back

“You can’t keep a good man down”, is an old expression that’s familiar to many of us. It seems we could coin a new expression along the same lines – “You can’t keep a bad botnet down”.

Just when you think you’ve knocked them down for good, cyber criminal enterprises seem to magically reappear, and that old familiar spamming botnet, Storm, has raised its ugly head once more.

In a previous article here, “Symantec Rubs the 2010 Malware Crystal Ball” (November 2009), Symantec projected that this reemergence was likely to occur, so kudos to Symantec – you called this one.


(Graphic courtesy of Mathew Nisbet, Malware Data Analyst, Symantec Hosted Services).

According to Symantec’s MessageLabs Intelligence, they “first saw this new variant of the botnet start spamming on 30 April…. containing links to web pages hosting the well known Canadian Pharmacy site”.


Typically, the emails are short and sweet –

Get all the medications you want online!
Disappointed with your bad performance in bed?
great offers to spice it up in bed..
need some help in the bed?
its time to spice up the bed
Safest and approved method of male enhancing have a easier time making her…
Have long strong night in BED!
Get your favorite rxmedications here!
Win from benefits of hidden secret of pornstars!

For more information on this reemerging threat, check out The Return of Storm, on Symantec’s site.

About MessageLabs Intelligence:

Symantec’s MessageLabs Intelligence is a respected source of data and analysis for messaging security issues, trends and statistics. MessageLabs Intelligence provides a range of information on global security threats based on live data feeds from our control towers around the world scanning billions of messages each week.

About Symantec:

Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available here.


Are You in the Bullseye for Targeted Malware Attacks?

Cybercriminals, driven by opportunity, tend to use the shotgun approach to achieve the highest “market” penetration possible, and to maximize every conceivable opportunity to spread malware.

The bad guys are strategic in their thinking; they plan ahead – and realize that the timing and implementation of tactics, based on their strategy, is critical to achieving maximum “market” penetration.

Now it seems, certain cybercriminals have developed a new strategy, and tactics, focusing on specific targets, sniping if you like, rather than using the well tested shotgun model.

You’re probably familiar with the successful China-based hacker attack against Google, which used a combination of a PDF attachment, coupled with a zero day security hole in Adobe Reader. As it turned out, Google was not the only company to be victimized in this attack. Reportedly, at least 20 other companies were also specifically targeted.

Symantec Hosted Services’ latest report, which focuses on this issue, is scary stuff. Reading it will help you understand the current Internet threat environment, and will help expand the sense of threat awareness that an active Internet user requires.

Courtesy of Symantec Hosted Services and MessageLabs Intelligence.

Even in a world where internet threats present an ever-evolving and increasingly sophisticated danger to businesses, targeted attacks are the most potent of all—dealing the most devastating short and long-term damage to the victims.

Counter to intuitive thinking, a high degree of sophistication makes these low volume, highly personalized emails have a higher probability of being successful than the mass email blasts.

Symantec Hosted Services has detected highly targeted attacks on seven specific companies in the education and public sectors. The attack is unique in that it used the Bredolab malware as the payload and the source of the emails are individual webmail accounts powered by one of the largest botnets currently in operation, presumably Cutwail.

This signifies a new level of sophistication on behalf of cyber criminals, where they are combining the strength of a botnet with the razor sharp focus of social engineering and the sense of legitimacy offered by popular webmail providers.

You can learn more about this particular attack on the MessageLabs Intelligence Blog.

Organizations falling foul of a targeted attack can be faced with crushing bills running into hundreds of thousands of dollars. Lost business, bad publicity, plunging share price – these are just some of the potential consequences of a successful attack.

Here’s a look at some of the popular techniques currently being deployed by cyber criminals:

Targeted Trojans – Aimed and delivered with sniper-like precision, the targeted Trojan’s objective is to slip through an organization’s defenses and cleverly dupe the recipient into downloading a malicious Trojan program onto their computer.

The Trojan may, silently and secretly, lie hidden for weeks, months or years, slowly but surely undermining the targeted organization and imperceptibly eroding their performance and ability to compete.

Phishing Attacks – Schemes that trick people into sending money or providing personal information, phishing emails (and variations called “pharming” or “whaling”) are used for identity theft. A cyber-criminal who sends emails that contain authentic information about the user or their company greatly increases the odds of getting a “bite.”

Social Networking – One popular approach is to create a fake profile on a social media website and use it to post malicious links that “phish” for corporate users. In this form of phishing, spammers post blog comments on other members’ pages; obtain the unsuspecting members’ account information; then send messages from the phished accounts to other contacts.

Organizations must balance the business value of social media websites with the risks of many non-secure social media environments.


The Mega-D Botnet Bites the Dust – Sort Of!

BOTNET. The name sounds as if it belongs in a Sci Fi flick, in which it’s used to describe a robotic zombie army up to no good; bent on committing general mayhem.

Take the Sci Fi movie out of the equation and you’ve got the right idea. A botnet is a zombie army; but an army of individually owned, Internet connected computers, surreptitiously controlled by a so called “command and control center” – read, the “Bad Guys”.

Unknown to the owner of these individual computers, his or her machine is acting as a source of transmission, a relay point if you like, spreading spam, and in some cases infectious malware, including ad pushers, rogue AV installers, data stealers, and web search hijackers, to other Internet users. Most of the spam you receive on a daily basis, for example, is a product of these zombies; both large (in some cases very large), and small.

It’s not surprising then, that various groups, or individual companies, within the Internet security community, monitor the formation and demise of botnets and wherever possible, attempt to take them down.

The following email I received from Symantec’s MessageLabs Intelligence, which I’d like to share with you, indicates the great efforts Internet security organizations make, in attempting to keep the Internet safe for all users.

Email from MessageLabs Intelligence:

Researchers at the FireEye intelligence lab recently decided to attempt to take down the Mega-D botnet after doing detailed analysis of its inner workings. It seems their actions have been very successful indeed, as our monitoring shows a huge decline in this previously prolific botnet’s activity.

Mega-D was the botnet that took the biggest advantage of the takedown of the McColo ISP in November 2008, becoming the biggest of all the spam botnets. Since then, others (such as Rustock, Bagle, Grum, and Cutwail) have gained strength, but Mega-D has consistently been in the top 10 spam bots. Or at least it was, until the 4th of November, when it was hit, and hit hard.

This shows the number of unique IPs seen on our systems on a daily basis for the Mega-D botnet. Normally between 600 and 1600 IPs are seen each day, but you can see quite clearly that after the 4th it plummeted down to less than 50.

 


It is unlikely that the botnet will ever be completely wiped out, but the efforts of the FireEye team have crippled Mega-D to the point where it will be a long time (if indeed, ever) before it is able to regain its former standing.

To see the original news posting on MessageLabs Intelligence Blog, please follow this link.


The State of Spam – Symantec Reveals the Top U.S. Spammed States

Courtesy of MessageLabs

MessageLabs today unveiled a list of the top U.S. spammed states… and the results may surprise you. The spam capital of the US is Idaho with 93.8 percent of spam, far exceeding the global spam rate for September 2009 of 86.4 percent.

Idaho has jumped 43 spots since 2008 when it was ranked the 44th most spammed state. The difference can be attributed to the resilient and aggressive botnet market as well as a higher volume of global spam that has ensued since the beginning of the credit crisis toward the end of 2008.


There are currently between four million and six million computers scattered across the globe that have been compromised to form the powerful botnets responsible for the majority of spam. They’re used by cybercriminals to send out more than 87% of all unsolicited mail, equating to approximately 151 billion emails a day.

The top spammed U.S. states in order: Idaho, Kentucky, New Jersey, Alabama, Illinois, Indiana, Massachusetts, Pennsylvania, Arizona and Maryland.

“Some of the high spam levels seen across the US can be attributed to the economic challenges experienced globally since the end of 2008 as well as Internet advancement including the high adoption of social networking,” said Paul Wood, MessageLabs Intelligence Senior Analyst, Symantec. “Spammers have taken full advantage of both the economic uncertainty of some and the trustworthiness of others for their own rewards. Automated tools, resilient botnets and targeted spam campaigns are all part of the spammers’ toolkit and they are constantly evolving these techniques to outsmart any effort to stop them. No state is immune to the effects of spam.”

The least spammed? The US territory of Puerto Rico, with 83.1 percent of spam (just below the global average spam level). Puerto Rico retained its status among the least spammed states since 2008. Other states with the least amount of spam: Montana, Alaska, Kansas, South Dakota, Tennessee, Vermont, Rhode Island, Wisconsin and Florida.
