FYI...
- http://www.secureworks.com/research/threats/warezov/
10/15/08 - "...as of 2008, it appears Warezov is back in the spamming business - but operating differently this time... Warezov was historically spread via email attachments, however that activity has also largely ceased. These days, executable attachments via email are almost universally blocked. Most botnet operators have switched to installing via browser/plugin exploits or social engineering. Warezov is no different. Only a few days ago, we saw Warezov being spread through a site advertising free MP3s via download of a P2P program. No exploits were used here, just social engineering. The user has to choose to install the software, which is simply the Warezov trojan... Like many botnets, Warezov is really a payload delivery system. It can install any software the botnet operator wishes. Since the end of the stock spamming activity, Warezov has mainly served as a "fast-flux" hosting platform... Warezov accomplishes this activity by installing two components: a reverse HTTP proxy that serves the content from a hidden master server, and a DNS server which is actually a customized installation of the popular ISC BIND software compiled for Windows. Each DNS server acts as a slave which gets zone updates from the hidden master server... Regardless of what methods are in use, spam is not going away any time soon. There is clearly too much money involved in spam and as a result, botnets... Despite indictments that may exist in the U.S., there are too many obstacles, both technical and political, that make it nearly impossible to get Russian botmasters arrested..."
(Screenshots available at the URL above.)
- http://asert.arbornetworks.com/2008/...n-aka-warezov/
October 17, 2008
- http://www.darkreading.com/document....798&print=true
October 13, 2008 - "...SecureWorks* says Srizbi remains the largest botnet, followed closely by Rustock, Ozdok, and Cutwail, which range from a minimum of 150,000 to upwards of 300,000 bots..."
* http://www.secureworks.com/research/...eat=topbotnets
April 8, 2008
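
The SecureWorks excerpt above says each Warezov host runs both a reverse HTTP proxy and a BIND slave DNS server, which suggests a defensive check over passive-DNS data: flag domains whose web (A) addresses are numerous and whose nameserver addresses come from the same pool. This is an added example, not code from SecureWorks or the original post; the domains, addresses, thresholds and the assumption that one host appears in both roles at once are constructed for illustration.

```python
from collections import defaultdict

# Constructed passive-DNS observations: (domain, record type, answer IP).
# For NS rows the IP is the resolved address of the nameserver host.
# Names and addresses use reserved test ranges; they are not real indicators.
SAMPLE_OBSERVATIONS = (
    [("free-mp3.test", "A", ip) for ip in (
        "192.0.2.10", "192.0.2.77", "198.51.100.5",
        "198.51.100.91", "203.0.113.40")]
    + [("free-mp3.test", "NS", ip) for ip in (
        "192.0.2.77", "203.0.113.40", "198.51.100.200")]
    # Legitimate round-robin site: many A records, dedicated nameservers.
    + [("cdn.example", "A", "203.0.113.%d" % n) for n in range(1, 7)]
    + [("cdn.example", "NS", ip) for ip in ("192.0.2.53", "192.0.2.54")]
    # Small site: one web server, two nameservers.
    + [("shop.example", "A", "198.51.100.20"),
       ("shop.example", "NS", "198.51.100.53"),
       ("shop.example", "NS", "198.51.100.54")]
)

MIN_DISTINCT_A = 4    # assumed threshold: web IPs seen in the window
MIN_NS_OVERLAP = 0.5  # assumed threshold: share of NS IPs also seen as web IPs


def summarize(observations):
    """Group answers per domain into a set of A IPs and a set of NS IPs."""
    per_domain = defaultdict(lambda: {"A": set(), "NS": set()})
    for domain, rtype, ip in observations:
        if rtype in ("A", "NS"):
            per_domain[domain.lower().rstrip(".")][rtype].add(ip)
    return per_domain


def score_domain(a_ips, ns_ips):
    """Score one domain: A-record spread plus NS/A address overlap."""
    overlap = len(a_ips & ns_ips) / len(ns_ips) if ns_ips else 0.0
    suspect = len(a_ips) >= MIN_DISTINCT_A and overlap >= MIN_NS_OVERLAP
    return {"distinct_a": len(a_ips), "ns_overlap": overlap, "suspect": suspect}


def find_suspects(observations):
    """Return the sorted list of domains matching both conditions."""
    return sorted(d for d, s in summarize(observations).items()
                  if score_domain(s["A"], s["NS"])["suspect"])


if __name__ == "__main__":
    for name, sets in sorted(summarize(SAMPLE_OBSERVATIONS).items()):
        print(name, score_domain(sets["A"], sets["NS"]))
```

Requiring both conditions keeps ordinary round-robin or CDN-style domains, which have many A records but separate nameservers, out of the result.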