Researcher Demonstrates Proof-of-Concept Botnet of Android Phones

Just what the world was waiting for… *sigh*

[Georgia Weidman’s] Android proof-of-concept botnet installs itself in a fashion similar to the DroidDream malware, a trojan that could record phone conversations. The proof-of-concept botnet payload could be spread in several ways—either as part of a malicious application on an app store, or through a Web link sent to the smartphone or clicked in the mobile browser. “It ‘roots’ the phone,” she said, “and it works as a proxy between the cellular modem and the application layer.”

iOS users aren’t safe either. Weidman said that a similar botnet could also be created on iOS devices, but the malware needs to be distributed via a “jailbreak” package.

Link : ars technica – Researcher demos threat of “transparent” smartphone botnets

Microsoft’s Latest Security Intelligence Report from 2011

Some interesting quotes from Ars Technica’s summary of Microsoft’s latest Security Intelligence Report (linked below). The first one is about spam volumes. We’re talking about billions of messages a month here, which is mind-boggling if you try to picture it.

Microsoft … attributes the drop [in spam volumes] primarily to the “takedowns of two major botnets: Cutwail, which was shut down in August 2010, and Rustock, which was shut down in March 2011 following a period of dormancy that began in January.” Consequently, the biggest drops in e-mails blocked occurred in September 2010, when spam dropped to about 65 billion messages, and in January 2011, when it fell under 40 billion. The low point was in May 2011, with about 22 billion, but it ticked up again in June.

The next quote is about Java, and it’s not really good news for Java:

The most commonly observed exploits target vulnerabilities in Java, specifically the Java Runtime Environment, Java Virtual Machine, and Java SE in the Java Development Kit. “Java exploits were responsible for between one-third and one-half of all exploits observed in each of the four most recent quarters,” Microsoft said.

For more details and some interesting graphs, visit the link below.

Link : ars technica – Microsoft finds 64 billion fewer spam messages per month after …

Can Steve Jobs’ iPhone Walled Garden Model Stop Botnets?

On an iPhone, every app lives in its own “walled garden”. An app can only read and write files in its own document folder and cannot access the document folders of other apps or files of the core system.
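The rule described above (an app may touch only its own document folder) comes down to one check before every file operation: resolve the requested path and refuse it unless it still lies inside the app’s folder. The following is an added illustration of that check, not code from iOS or from the article; the directory layout under `app_a`, `app_b` and the file names are constructed for the demo. It also covers the two classic escape routes, `..` traversal and a symlink planted inside the sandbox, which the article does not spell out.

```python
import tempfile
from pathlib import Path


def resolve_in_sandbox(app_root: str, requested: str) -> Path:
    """Return the fully resolved path for `requested` if it stays inside the
    app's own document folder `app_root`; raise PermissionError otherwise.

    Both sides are resolved first (symlinks followed, `..` collapsed), so
    neither `../` traversal nor a symlink pointing out of the folder can
    reach another app's documents or the core system files.
    """
    root = Path(app_root).resolve()
    candidate = Path(requested)
    if not candidate.is_absolute():
        candidate = root / candidate  # relative paths are app-relative
    target = candidate.resolve()
    try:
        target.relative_to(root)      # raises ValueError when outside root
    except ValueError:
        raise PermissionError(f"{requested!r} is outside the sandbox {root}")
    return target


def is_confined(app_root: str, requested: str) -> bool:
    """Boolean form of resolve_in_sandbox for policy checks."""
    try:
        resolve_in_sandbox(app_root, requested)
        return True
    except PermissionError:
        return False


def demo() -> dict:
    """Constructed layout: two apps with their own Documents folders, plus a
    symlink inside app_a that points at app_b (an attempted escape)."""
    with tempfile.TemporaryDirectory() as tmp:
        app_a = Path(tmp) / "app_a" / "Documents"
        app_b = Path(tmp) / "app_b" / "Documents"
        app_a.mkdir(parents=True)
        app_b.mkdir(parents=True)
        (app_b / "secret.txt").write_text("app_b private data")
        (app_a / "link_to_b").symlink_to(app_b)
        return {
            "own_file": is_confined(str(app_a), "notes.txt"),
            "traversal": is_confined(str(app_a), "../../app_b/Documents/secret.txt"),
            "symlink": is_confined(str(app_a), "link_to_b/secret.txt"),
            "absolute": is_confined(str(app_a), str(app_b / "secret.txt")),
        }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:10s} -> {'allowed' if allowed else 'denied'}")
```

Only the first access (a file directly under the app’s own folder) is allowed; traversal, the symlink and the absolute path to the other app’s file are all denied, because the comparison happens after resolution rather than on the string the app supplied.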

Mathew J. Schwartz of InformationWeek argues that this approach should be introduced in Windows as well, to “gain an edge in the botnet war of attrition,” as he puts it. And you know what? I think he is right.

If you have read the reports of Apple’s “Back to the Mac” event, you may have noticed that Apple is already heading in that direction. During the keynote, Steve Jobs introduced an app store for the Mac. I am curious if Microsoft will do the same in the future for their Windows OS.

Below the jump you will find a quote and a link to Mathew J. Schwartz’s complete story.

Zeus Botnets’ Achilles’ Heel Makes Infiltration Easy

So what are we waiting for? Take ’em down!

A security researcher has discovered a potentially crippling vulnerability in one of the most widely used botnet toolkits, a finding that makes it easy for blackhats and whitehats alike to take control of huge networks of infected PCs.

The flaw in the Zeus crimeware kit makes it trivial to hijack the C&C, or command and control, channels used to send instructions and software updates to compromised computers that often number in the hundreds of thousands. There are in turn thousands or tens of thousands of botnets that are spawned from Zeus, and the vast majority are susceptible to the technique.

That means the bug could make takedowns by law enforcement and rival crime gangs significantly easier, said Billy Rios, the researcher who discovered the defect and has written a simple program to exploit it.

Link : The Register – Zeus botnets’ Achilles’ Heel makes infiltration easy

Linkedin Falls to the Power of Zeus Malware

Linkedin users: beware!
Please read this article. Don’t get infected.

Users of the social notworking site LinkedIn started receiving shedloads of spam email messages in a bid to recruit them into the Zeus botnet.

From 10am yesterday users of the business-focused version of Facebook started getting mail with a fake contact request containing a malicious link.

Cisco Security Intelligence said that these messages accounted for as much as 24 percent of all spam sent within a 15-minute interval today.

If users were dumb enough to click on the links in the email they would be taken to a web page that says “PLEASE WAITING…. 4 SECONDS..” and then redirects them to Google.

While it looks like nothing has happened, during those four seconds an attempt is made to infect the victim’s PC with the ZeuS malware.

Link : TechEye – Linkedin falls to the power of Zeus
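The landing page described in that story has a recognisable shape: a “please wait” placeholder, a timed refresh of a few seconds, and a final redirect to a legitimate site (Google) on a different domain from the link that was clicked. A mail gateway or proxy that fetches links can flag that combination before a user ever sees it. The following is an added example, not code from TechEye or Cisco; the two sample pages and the link URLs are constructed, and the phrase list and the 10-second threshold are my assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Placeholder wording typically shown while the page stalls (assumed list).
WAIT_PHRASES = ("please wait", "please waiting", "loading", "redirecting")
MAX_DELAY_SECONDS = 10  # assumed cut-off for a "short" timed redirect


class _LandingPageParser(HTMLParser):
    """Pull out the meta refresh directive and the visible text."""

    def __init__(self):
        super().__init__()
        self.refresh_delay = None
        self.refresh_target = None
        self.text_parts = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            # content looks like "4; url=http://www.google.com/"
            m = re.match(r"\s*(\d+)\s*;\s*url\s*=\s*['\"]?([^'\"\s]+)", a.get("content", ""), re.I)
            if m:
                self.refresh_delay = int(m.group(1))
                self.refresh_target = m.group(2)

    def handle_data(self, data):
        self.text_parts.append(data)


def analyse_landing_page(html: str, link_url: str) -> dict:
    """Score a fetched page against the stall-then-redirect pattern.

    link_url is the URL the user was sent; a refresh to a different host is
    the off-site hop the article describes (the page redirects to Google).
    """
    p = _LandingPageParser()
    p.feed(html)
    text = " ".join(p.text_parts).lower()
    link_host = urlparse(link_url).hostname or ""
    target_host = urlparse(p.refresh_target).hostname if p.refresh_target else None

    wait_text = any(phrase in text for phrase in WAIT_PHRASES)
    timed_redirect = p.refresh_delay is not None and 0 < p.refresh_delay <= MAX_DELAY_SECONDS
    offsite_redirect = bool(target_host) and target_host != link_host
    return {
        "wait_text": wait_text,
        "refresh_delay": p.refresh_delay,
        "redirect_target": p.refresh_target,
        "offsite_redirect": offsite_redirect,
        "suspicious": wait_text and timed_redirect and offsite_redirect,
    }


# Constructed sample: the page shape from the story, not the real spam page.
SUSPICIOUS_LINK = "http://contact-request.example/invite?id=42"
SUSPICIOUS_PAGE = """<html><head>
<meta http-equiv="refresh" content="4; url=http://www.google.com/">
</head><body><p>PLEASE WAITING.... 4 SECONDS..</p></body></html>"""

# Constructed benign page: real content, no timed redirect.
BENIGN_LINK = "https://intranet.example/report"
BENIGN_PAGE = """<html><head><title>Quarterly report</title></head>
<body><h1>Quarterly report</h1><p>Revenue grew 4% over the last quarter.</p></body></html>"""

if __name__ == "__main__":
    print(analyse_landing_page(SUSPICIOUS_PAGE, SUSPICIOUS_LINK))
    print(analyse_landing_page(BENIGN_PAGE, BENIGN_LINK))
```

The verdict is deliberately a conjunction of three weak signals; any one alone (a meta refresh, a “loading” caption, an off-site hop) is common on legitimate sites, and the interesting case is the page that does all three while showing the user nothing.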

Russia Becomes Malware Botnets Host

Considering that most spam and malware comes from Russia and China, wouldn’t it be possible to block access to Russian and Chinese hosts, domains and servers by default, and only open connections on request to your own ISP? I guess that only a small percentage of Internet users visit Russian and Chinese sites and servers, so this should not be a big problem.

Botnet operators have found a home in Russia after server access became too difficult in China says insecurity company M86 Security.

Chinese cyber sleuths have been driving malware operators from the country’s telecommunications infrastructure and Russia – always somewhat lax in policing online criminals – has become the refuge for botnet spam campaigns from dodgy porn websites, online casinos and pharmacies.

M86 Security said that 5,000 new spam domains have been traced back to two Russian registrars in the past month. Among those who have moved to Russian providers are the operators of the Zeus malware botnet.

“It used to be Chinese registrars and now it has been a pretty dramatic shift. Back in Russia it is kind of the same old names. These registrars have been around for a while,” said Bradley Anstis, VP of technology strategy at M86 Security.

The shift to the former Soviet Union follows a clampdown on cyber crime operations in central Europe and Asia. Authorities in Europe have sought to drive cyber criminals out of the region, but it seems like they and other parallel efforts elsewhere have just driven them somewhat to the east, into Russia.

Link : The Inquirer – Russia becomes malware botnets host