Friday

Battle of the Botnets

A nice piece from Kaspersky: Battle of the Botnets

The situation was becoming more and more interesting. Three groups, from different countries, who were all busy with the same thing – creating botnets to send spam and harvest email addresses. All these groups are dependent on money from spammers, who will pay good money for the biggest botnet and the largest database. This brought the three groups into conflict with each other, and they are willing to use everything at their disposal to gain an advantage. The result was an unending cycle of attacks on users. In order to infect machines, the virus writers had come up with newer and newer methods to evade antivirus filters.

Despite security features such as UAC, PatchGuard, and protection against buffer overflows, we are losing the battle. Let's not forget about QuickTime and Flash exploits. After the latest Microsoft Patch Tuesday, let's have a look at the progress of vulnerabilities. Image from McAfee Avert Labs.

And let's have a look at the latest Shadowserver.org graph


So we just reached a new record of 3 million. Ouch. Still going the wrong way. I always thought that bots were command-line driven or had a crude GUI. Then I read the Panda Software article on Zunker.

The screenshot shows you how user-friendly the interface is. It's organized by country, and you can see how many bots you have, reports from each one, how much spam has been sent, and what software has been used by the bots to send the spam (Gmail, IM, forums, etc.). It even has advanced graphics on number of bots, reports, and daily/monthly spam statistics.
Zunker is mainly targeting German IPs, but it seems ready to infect other specific targets with other bots.

I think one of the problems is that the bad guys communicate better than us. They share information and they are organized. I know it's difficult to talk honestly about security failures, about what you’ve learned and how you’re adapting. There is also a legal and PR side to the story. But if we cannot find a way, we will be fighting an uphill battle.