From: Panda Oxygen3

"Much speech is one thing, well-timed speech is another."
Sophocles (495 B.C.-406 B.C.); Greek tragic dramatist.

- Mafia take advantage of the Internet through networks of 'bots' that threaten users -

Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)

Madrid, March 28, 2005 - Malware creators have changed their aims and modus operandi. On the one hand, the trend detected over the last few months of creating malware for financial gain has been confirmed and on the other, instead of using just one malicious code capable of spreading rapidly across thousands of computers, they are now using many different variants.

A very recent example is the Kelvir worms. Their tactic involves saturating cyber-space with a huge number of variants of the same code, seven in less than seven days. This makes it difficult for both security companies, who have to develop a large number of vaccines, and users, who hardly have time to update their security applications, to combat them. As a result, it is easy for a computer to fall victim to one of the new malicious codes.

The real aim of the Kelvir worms is to download other malware to the computer, more specifically, 'bots'. 'Bots' are automated Trojans that carry out actions, obeying external commands. A hacker can use these to carry out a wide range of actions on the affected computer, such as: stealing confidential data, launching attacks on other computers, generating spam anonymously, etc.

'Bots' are a rapidly growing threat. Data compiled by Earthlink shows that 20 percent of computers could contain a 'bot'. What's more, an estimated 66 percent of spam circulating around the Internet is being sent through 'bot' networks. In fact, there is an underground 'bot' rental market to satisfy the demands of "professional spammers" who pay between three and four cents per 'bot' a week.

'Bots' can also be used to carry out Distributed Denial of Service attacks (DDoS) against other computers.
According to an article published by SecurityFocus, an executive in a US company confessed to having paid a group of hackers to launch DDoS attacks against three rival companies. What's more, the crash of websites like Yahoo!, Microsoft and Google in 2004 was also attributed to DDoS attacks carried out through 'bots'.

According to Luis Corrons, head of PandaLabs, "'bots' are a perfect tool for Internet mafias. They are extremely versatile, allowing all types of actions to be carried out which can do more than slow down systems or flood the Internet with infected messages. Their actions not only affect what is known as cyber-space, but can also hit the economy or image of users and companies. For example, a well-known US newspaper reported the hijacking of hundreds of computers in the Defense Department and the Senate, which were used as zombies to send out spam."

When a 'bot' enters a computer, this represents a serious security risk for any user, although attacks from this type of malicious code have implications at many other levels, such as software piracy. There are, for example, 'bots' that detect passwords and content of programs that can then be distributed illegally.

However, it is companies that suffer most due to attacks from this type of malware. The main damage that 'bots' can cause in corporate environments includes:

- Corporate extortion. Some companies have been blackmailed by organized groups of hackers, threatening to block their IT systems if they didn't meet their demands, which are normally financial. This kind of action mainly affects those companies whose activity is based around e-commerce or Internet services. The e-magazine Rense.com has reported a hacker mafia offering 'protection' to a range of websites in the UK in exchange for $50,000 a year.

- Data theft. Some 'bots' download keyloggers, designed to capture keystrokes and send the information to a hacker.
This allows them to access all kinds of corporate information that could be used for online bank fraud or hacker attacks. It could also damage the reputation of a company as stolen email addresses could be used for sending all kinds of spam.

- Damage to corporate resources. A large number of 'bots' installed on computers across the corporate network consume additional resources - bandwidth, administrator time, etc. - with negative consequences for productivity.

- Infiltration of other malware in the network. Generally speaking, the entrance of a 'bot' in a corporate network is a prelude to the arrival of all kinds of malware: spyware, adware, other viruses, etc.

A 'bot' is a malicious code that is dropped onto a system in a way that users can't see. Similarly, a single specimen installed on a computer is very difficult to detect. Although there are thousands of 'bots' identified and detected and eliminated by most anti-malware applications, new 'bots' are constantly appearing and are surreptitiously spread so that some time may pass before security companies detect their presence and can generate the corresponding vaccine.

According to Luis Corrons, "TruPrevent(TM), our proactive detection technologies, have blocked more than 2,700 new 'bots' - as well as a huge amount of other types of malware - since they were launched in August 2004. We currently have proactive detection systems that can identify malicious code alone. When we decided to develop our TruPrevent(TM) proactive detection technologies, we considered the growing threat of these and other malware. Reactive solutions continue to be the most effective against known malware, but proactive technologies are the perfect complement. For example, when the TruPrevent(TM) Technologies detect a new strain of malware, they immediately send it to PandaLabs. This allows us to head off the infection and prevent the damage that they can cause. What's more, we can generate a specific vaccine much faster than our competitors."
------------------------------------------------------------
To contact Panda Software, please visit:
http://www.pandasoftware.com/about/contact/
------------------------------------------------------------

*********** MIKE'S REPLY SEPARATOR ***********

Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews, see a sample on my web page
http://www3.telus.net/mikebike
<mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe>
http://www3.telus.net/mikebike/worm_removal.htm
See my Anti-Virus pages http://virusinfo.hackfix.org/index
<virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe>
A Technical Support Alliance and OWTA Charter Member