Tuesday

Update on Mega-D botnet and a new covert bot named MayDay

After our post "New kid on the block: Mega-D overtakes Storm Worm", Arbor Networks suspected that Mega-D was actually a partition of the Storm Worm botnet. They later seemed to confirm that Mega-D is in fact not related to Storm:

So, this makes a lot more sense to me. After a bit of prodding, it does appear to NOT be Storm, though Cutwail and some of the related malware may indeed be the source, as suggested here.
Damballa also stated that the two are unrelated:

Damballa says Storm and Mega-D are unrelated. "Our research indicates that it's distinct from Storm," Cox says. "Each compromised host can send thousands of [spam] email addresses with random subject lines. It's clearly capable of sending out huge amounts of spam."

Size doesn't always matter with botnets. MayDay is not nearly as large as Storm, but Damballa says it could potentially do more damage due to its more sophisticated and targeted approach. "MayDay is unique because it has the ability to communicate from within the inside of the enterprise," Cox says. "It's powerful in the damage it could do when orchestrated for a common purpose. It could potentially be more powerful because of the types of networks it's successfully compromised." (Source: Darkreading.com)

So much for the confusion around Mega-D. The same Darkreading article also covers another botnet, called MayDay, which uses different techniques to get past network security controls: it rides the browser's proxy settings so its traffic passes through the enterprise web proxy, or it tunnels its traffic through ICMP.
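The ICMP tunneling mentioned above is the kind of thing a network team can look for in its own ping traffic. The script below is an added example, not code from the post or from Damballa: it runs a few simple heuristics over constructed ICMP echo-request records (oversized payloads, payloads that do not carry the fill pattern standard ping tools use, and an unusual number of echo requests from one host) and reports the hosts that trip them. The thresholds and the record format are assumptions chosen for the example.

```python
"""Flag hosts whose ICMP echo traffic looks like a covert channel rather
than ordinary ping. Added example; records and thresholds are constructed."""
from collections import defaultdict

# Assumed thresholds (not from the post): ordinary ping payloads are 56 bytes
# on Linux and 32 bytes on Windows, so anything well above that is odd, and a
# host does not normally fire off dozens of echo requests in one window.
MAX_NORMAL_PAYLOAD = 128
MAX_ECHOES_PER_WINDOW = 20
ICMP_ECHO_REQUEST = 8


def looks_like_ping_pattern(payload: bytes) -> bool:
    """Standard ping tools fill the payload (after an 8-byte timestamp on
    Linux) with an ascending byte pattern. Data smuggled through ICMP will
    not show that pattern, so a low share of +1 steps is suspicious."""
    body = payload[8:]
    if len(body) < 2:
        return True
    ascending = sum(1 for a, b in zip(body, body[1:]) if (b - a) % 256 == 1)
    return ascending / (len(body) - 1) > 0.9


def flag_icmp_tunnels(records):
    """records: iterable of dicts with keys src, icmp_type, payload (bytes).
    Returns {src: [reasons]} for every source that trips a heuristic."""
    per_src = defaultdict(list)
    for r in records:
        if r["icmp_type"] == ICMP_ECHO_REQUEST:
            per_src[r["src"]].append(r)

    findings = {}
    for src, pkts in per_src.items():
        reasons = []
        oversized = [p for p in pkts if len(p["payload"]) > MAX_NORMAL_PAYLOAD]
        if oversized:
            reasons.append(f"{len(oversized)} echo requests with payload > "
                           f"{MAX_NORMAL_PAYLOAD} bytes")
        odd_fill = [p for p in pkts if not looks_like_ping_pattern(p["payload"])]
        if odd_fill:
            reasons.append(f"{len(odd_fill)} echo requests without the standard "
                           f"ping fill pattern")
        if len(pkts) > MAX_ECHOES_PER_WINDOW:
            reasons.append(f"{len(pkts)} echo requests in one window")
        if reasons:
            findings[src] = reasons
    return findings


# Constructed sample traffic (not captured from any real network).
LINUX_PING = b"\x00" * 8 + bytes(range(0x10, 0x40))          # 56-byte payload
WINDOWS_PING = b"abcdefghijklmnopqrstuvwabcdefghi"             # 32-byte payload
TUNNEL_CHUNK = bytes((i * 73 + 11) % 256 for i in range(300))  # 300 bytes, no pattern

SAMPLE_RECORDS = (
    [{"src": "10.0.0.5", "icmp_type": 8, "payload": LINUX_PING} for _ in range(3)]
    + [{"src": "10.0.0.12", "icmp_type": 8, "payload": WINDOWS_PING} for _ in range(2)]
    + [{"src": "10.0.0.77", "icmp_type": 8, "payload": TUNNEL_CHUNK} for _ in range(25)]
    + [{"src": "10.0.0.5", "icmp_type": 0, "payload": LINUX_PING}]  # echo reply, ignored
)

if __name__ == "__main__":
    for host, why in flag_icmp_tunnels(SAMPLE_RECORDS).items():
        print(host)
        for reason in why:
            print("  -", reason)
```

Run as-is, the script reports only 10.0.0.77, while the Linux and Windows ping senders pass all three checks. In practice you would feed it records parsed from a packet capture or flow logs and tune the two thresholds to what your own baseline ping traffic looks like.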

The MayDay botnet can evade leading antivirus products, and so far has compromised thousands of hosts, according to Damballa, which says 96.5 percent of the infected machines are in the U.S., and about 2.5 percent in Canada. Damballa first hinted of this potential successor to Storm late last year. (See The World's Biggest Botnets.)

MayDay uses a combination of techniques to communicate with its bots, including hijacking browser proxy settings, says Tripp Cox, vice president of engineering for Damballa. He says, "It can communicate through an enterprise's secure Web proxy and conduct updates and attack activities" -- a unique method for a botnet.

The Web proxy approach also demonstrates that this is no random bot infection: "Designing bot malware to specifically use Web proxies is a clear indicator that it's targeting [specific] enterprise systems," Cox says. (Source: Darkreading.com)

Still not worried about targeted (enterprise) attacks?
