[virusinfo] Mafia take advantage of the Internet through networks of 'bots' that threaten users - 03/28/05]

  • From: "Mike" <mikebike@xxxxxxxxx>
  • To: virusinfo@xxxxxxxxxxxxx
  • Date: Tue, 29 Mar 2005 10:30:37 -0800

From Panda Oxygen3:

"Much speech is one thing, well-timed speech is another." 
     Sophocles (495 B.C.-406 B.C.); Greek tragic dramatist.

      - Mafia take advantage of the Internet through 
          networks of 'bots' that threaten users -
 Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)

Madrid, March 28, 2005 - Malware creators have changed their aims and modus
operandi. On the one hand, the trend detected over the last few months of
creating malware for financial gain has been confirmed and on the other,
instead of using just one malicious code capable of spreading rapidly
across thousands of computers, they are now using many different variants. A
very recent example is the Kelvir worms. Their tactic involves saturating
cyber-space with a huge number of variants of the same code, seven in less
than seven days. This makes it difficult for both security companies, who
have to develop a large number of vaccines, and users, who hardly have time
to update their security applications, to combat them. As a result, it is
easy for a computer to fall victim to one of the new malicious codes.

The real aim of the Kelvir worms is to download other malware to the
computer, more specifically, 'bots'. 'Bots' are automated Trojans that
carry out actions, obeying external commands. A hacker can use these to
carry out a wide range of actions on the affected computer, such as:
stealing confidential data, launching attacks on other computers,
generating spam anonymously, etc.

'Bots' are a rapidly growing threat. Data compiled by Earthlink shows that
20 percent of computers could contain a 'bot'. What's more, an estimated 66
percent of spam circulating around the Internet is being sent through 'bot'
networks. In fact, there is an underground 'bot' rental market to satisfy
the demands of "professional spammers" who pay between three and four cents
per 'bot' a week. 

'Bots' can also be used to carry out Distributed Denial of Service attacks
(DDoS) against other computers. According to an article published by
SecurityFocus, an executive in a US company confessed to having paid a
group of hackers to launch DDoS attacks against three rival companies.
What's more, the crash of websites like Yahoo!, Microsoft and Google in 2004
was also attributed to DDoS attacks carried out through 'bots'.

According to Luis Corrons, head of PandaLabs, "'bots' are a perfect tool
for Internet mafias. They are extremely versatile, allowing all types of
actions to be carried out which can do more than slow down systems or flood
the Internet with infected messages. Their actions not only affect what is
known as cyber-space, but can also hit the economy or image of users and
companies. For example, a well-known US newspaper reported the hijacking of
hundreds of computers in the Defense Department and the Senate, which were
used as zombies to send out spam."

When a 'bot' enters a computer, this represents a serious security risk for
any user, although attacks from this type of malicious code have
implications at many other levels, such as software piracy.  There are, for
example, 'bots' that detect passwords and content of programs that can then
be distributed illegally.  

However, it is companies that suffer most due to attacks from this type of
malware. The main damage that 'bots' can cause in corporate environments
includes: 

- Corporate extortion. Some companies have been blackmailed by organized
groups of hackers, threatening to block their IT systems if they didn't
meet their demands, which are normally financial.  This kind of action
mainly affects those companies whose activity is based around e-commerce or
Internet services. The e-magazine Rense.com has reported a hacker mafia
offering 'protection' to a range of websites in the UK in exchange for
$50,000 a year.

- Data theft. Some 'bots' download keyloggers, designed to capture
keystrokes and send the information to a hacker. This allows them to access
all kinds of corporate information that could be used for online bank fraud
or hacker attacks. It could also damage the reputation of a company as
stolen email addresses could be used for sending all kinds of spam.

- Damage to corporate resources. A large number of 'bots' installed on
computers across the corporate network consume additional resources
-bandwidth, administrator time, etc.- with negative consequences for
productivity. 

- Infiltration of other malware in the network. Generally speaking, the
entrance of a 'bot' in a corporate network is a prelude to the arrival of
all kinds of malware: spyware, adware, other viruses, etc. 

A 'bot' is a malicious code that is dropped onto a system in a way that
users can't see.  Similarly, a single specimen installed on a computer is
very difficult to detect. Although there are thousands of 'bots' identified
and detected and eliminated by most anti-malware applications, new 'bots'
are constantly appearing and are surreptitiously spread so that some time
may pass before security companies detect their presence and can generate
the corresponding vaccine. 

According to Luis Corrons, "TruPrevent(TM), our proactive detection
technologies, have blocked more than 2,700 new 'bots' -as well as a huge
amount of other types of malware- since they were launched in August 2004.
We currently have proactive detection systems that can identify malicious
code alone. When we decided to develop our TruPrevent(TM) proactive
detection technologies, we considered the growing threat of these and other
malware. Reactive solutions continue to be the most effective against known
malware, but proactive technologies are the perfect complement. For
example, when the TruPrevent(TM) Technologies detect a new strain of
malware, they immediately send it to PandaLabs. This allows us to head off
the infection and prevent the damage that they can cause. What's more, we
can generate a specific vaccine much faster than our competitors."

------------------------------------------------------------

To contact Panda Software, please visit:
http://www.pandasoftware.com/about/contact/
------------------------------------------------------------

*********** MIKE'S REPLY SEPARATOR  ***********
Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see a sample on my web page
http://www3.telus.net/mikebike
<mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe>
http://www3.telus.net/mikebike/worm_removal.htm
See my Anti-Virus pages  http://virusinfo.hackfix.org/index
<virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe>
A Technical Support Alliance  and OWTA Charter Member 


