Posts Tagged: botnet


26 Jan 11

Battling the Zombie Web Site Armies

Peter Bennett first suspected his own Web site might have been turned into a spam-spewing zombie on the night of Nov. 11, when he discovered that a tiny program secretly uploaded to his site was forcing it to belch out ads for rogue Internet pharmacies.

Bennett’s site had been silently “infected” via an unknown (at the time) vulnerability in a popular e-commerce software package. While most site owners probably would have just cleaned up the mess and moved on, Bennett — a longtime anti-spam vigilante — took the attack as a personal challenge.

“Spammers always know it is me attacking their resources in whatever form that takes,” Bennett said. “In other words, I make myself a target because I have a clue or two about server security and defense and just love taunting them to crank them up.”

And taunt them he has. For years, the New Zealand resident was part of a ragtag band of anti-spam activists, or “antis,” that helped to bring down infamous pill spammer Shane Atkinson and other junk e-mail purveyors. After taking a break from anti activity in 2007 to pursue other professional goals, Bennett – now 50 – seems eager to jump back into the fray.

In the interim, however, spammers have been refining their techniques. Like reluctant conscripts in a global guerilla army, hundreds — sometimes thousands — of legitimate Web sites are now enslaved each month and sold to criminals who use them to blast out spam and host spam sites. The attackers Bennett is tracking mainly pick on orphaned Web sites running Linux with insecure, unpatched software packages (Bennett says his site was hacked thanks to a zero-day bug in osCommerce, a popular e-commerce software program).

Bennett found that his Web site was part of a larger botnet of at least 1,200 compromised sites that was being used to send roughly 25 million junk e-mail messages each day, although he said it appears the botnet is used for spam runs only intermittently.

“They only run the botnet once a week or so at a time, and then shut it off,” Bennett said.

An ad soliciting EvaPharmacy affiliates.

The hacked sites in the botnet Bennett identified mainly advertise one of three types of rogue pill sites: MyCanadianPharmacy, Canadian Family Pharmacy, and Canadian Health&Care Mall. The latter has been tied to a pharmacy affiliate program called EvaPharmacy, one of the few remaining pharmacy affiliate programs that pays members to promote fly-by-night pill sites via spam.



19 Feb 10

ZeuS: ‘A Virus Known as Botnet’

As a journalist who for almost ten years has sought to explain complex computer security topics to a broad audience, it’s sometimes difficult to be picky when major news publications over-hype an important security story or screw up tiny details: For one thing, Internet security so seldom receives more than surface treatment in the media that the increased attention to the issue often seems to excuse the breathlessness with which news organizations cover what may seem like breaking, exclusive stories.

The trouble with that line of thinking is that an over-hyped story tends to lack important context that helps frame the piece in ways that make it more relevant, timely, and actionable, as opposed to just sensational.

I say this because several major media outlets, including The Washington Post and the Wall Street Journal, on Thursday ran somewhat uncritical stories about a discovery by NetWitness, a security firm in Northern Virginia that has spent some time detailing the breadth of infections by a single botnet made up of PCs infected with ZeuS, a password stealing Trojan that lets criminals control the systems from afar. NetWitness found that this particular variant of the botnet, which it dubbed “Kneber,” had invaded more than 2,500 corporations and 75,000 computers worldwide.

The Post’s headline: More than 75,000 Computer Systems Hacked in one of the Largest Cyber Attacks, Security Firm Says.

From the WSJ: Broad New Hacking Attack Detected: Global Offensive Snagged Corporate, Personal Data at Nearly 2,500 Companies: Operation is Still Running.

Yahoo!’s coverage tells us, Scary Global Hacking Offensive Finally Outed.

After a day of dodging countless PR people pitching their experts to pile on to the story, I finally resolved to add my two cents when I heard this gem from the PBS Newshour with Jim Lehrer: “A major new case of computer hacking has been uncovered. A virus known as botnet invaded the computers and used them to steal data from commercial and government systems. Among other things, the hackers have gained access to e-mail systems and online banking.”
