Gaming Botnet Bleeds Over To The Enterprise

Guest editorial by Gunter OllmannBotnets come in all shapes and sizes and if you can’t find one that fits your unique purposes off-the-rack, it’s trivial to create a custom one using a do-it-yourself construction kit – which helps to explain the diversity we’re seeing within the enterprise. In general though, enterprise-targeted botnets tend to be a different breed – make use of enterprise-specific functionality (e.g. being proxy aware and exploiting vulnerabilities over the network that would be blocked by perimeter firewalls) – and their objectives tend to be more “refined” and clearly criminal.

The Debate Over Naming Botnets

The security industry lacks a uniform way to title botnets, and the
result is sometimes a long list of names for the same botnet that are
used by different antivirus vendors and that can be confusing to
customers. As it stands now, the infamous Conficker is also known as Downup, Downadup and Kido. The Srizbi botnet is also called Cbeplay and Exchanger. Kracken is also the botnet Bobax.

New MySpace Attack Launches Zeus Spyware

The latest MySpace attack tries to lure recipients into giving up their
MySpace credentials, and then attempts to trick victims into installing
password-stealing malicious software. Attackers began blasting out the junk e-mails early Monday, according to researchers at the University of Alabama, Birmingham, Researchers at the school so far have tracked more than 30 Web site names associated with this attack, each beginning with “” and ending in a United Kingdom country code domain (.uk). Read the full article. [Washington Post] 

Arbor Networks researcher Jose Nazario has spotted a malicious Google AppEngine application being used to control a botnet of infected computers. The Google App Engine is feeding URLs to the zombies (hijacked machines) for them to download, Nazario explained.  Read the full blog post []

The botnet problem has reached epidemic levels in recent months, with the continued growth of large-scale botnets, as well as the identification of smaller, more targeted networks around the world. But researchers have been taking steps to disrupt botnets of late, with some notable successes, as the recent takedown of the Mega-D botnet shows.

Upping its output of spam by nearly 5 percent
in recent weeks, a new botnet called Festi has grabbed the attention of
researchers, cracking the list of top 10 most prolific spamming botnets. The botnet has apparently pumped up the volume
of spam by recruiting more bots, about 60 percent of which are in Asia,
18 percent in Europe, and 9 percent in North America. Read the full article. [Dark Reading]

A simple, yet effective, worm is now circulating on some jailbroken iPhones, changing settings on the phones and terminating some services. The worm, which was discovered Sunday, doesn’t appear to be too malicious, but is an indicator of what might lie ahead for owners of iPhones and other smartphones.

In the year since the shutdown of notorious Web hosting firm McColo, spammers are growing strong. Part of this is the result of improvements by botnet operators. Like anyone who is successful what they do, the people controlling the most powerful botnets in cyber-space learn from their mistakes. Security researchers discussed how.

Facebook and MySpace have fixed errors that could have allowed data to be given out from its subdomains. A Dutch developer, Yvo Schaap, discovered the flaw and wrote on his blog: “A “more invasive and hidden exploit could harvest all the user’s
personal photos, data and messages to a central server without any
trace, and there is no reason why this wouldn’t be happening already
with both Facebook and MySpace data.” Read the full article. [Computerworld]

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.