
Thread: Pandemic of the botnets 2008

  1. #41
    Adviser Team AplusWebMaster
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    MS08-067 botnet

    FYI...

    MS08-067 botnet
    - http://preview.tinyurl.com/6m77k9
    December 1, 2008 (Computerworld) - "The worm exploiting a critical Windows bug that Microsoft Corp. patched with an emergency fix in late October (MS08-067) is being used to build a new botnet*..."
    * http://forums.spybot.info/showpost.p...1&postcount=45

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #42
    Adviser Team AplusWebMaster

    Fast Flux malware...

    FYI...

    Classmates dot com Fast Flux Malware
    - http://asert.arbornetworks.com/2008/...-flux-malware/
    December 5, 2008 - "The Gozi infostealer is running around, this time using new domains and a new lure: a “video invitation from your classmates”. This has been going on all week, too. In an email purporting to be from Classmates .com, you’re told to go look at a web page and join up. To view the video you need to .. you guessed it, download a new Flash player. Don’t worry, they’ll help you out... christmasclasses .com, is fast fluxing. If you can, block the hosts via a DNS server or some similar filter... The malcode you download, “AdobePlayer10.exe”, is a Gozi downloader... AV detection is fair (from VirusTotal*). Same basic thing as the Obama malcode from last month:
    * downloads addons2.exe from a fast flux host using the domain name albertonixl .com.
    * sends the Gozi data to a host in AS44997, BTG transit route block.
    Our friends at Secure Works have an excellent writeup on Gozi**. This threat is -not- dead."

    * http://www.virustotal.com/analisis/7...4720f388a70aba

    ** http://www.secureworks.com/research/threats/gozi/

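The Arbor post quoted above recommends blocking the fast-flux hosts at the DNS server. As an added example (not code from the original post or from Arbor), the Python below flags fast-flux names in a passive-DNS or resolver-log feed and renders the result as a BIND Response Policy Zone fragment. The records are constructed: the two domain names are the ones the post defangs as "christmasclasses .com" and "albertonixl .com", while the addresses, timestamps and AS numbers are invented; the `asn` field assumes your feed annotates each answer with the origin AS of the returned address, and the thresholds are assumptions to tune against your own data.

```python
"""Fast-flux triage over DNS answers, with an RPZ block list as output.

Added example; not code from the forum post or from Arbor. Sample records
are constructed, and the detection thresholds are assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List


@dataclass(frozen=True)
class Resolution:
    """One observed A-record answer from a passive-DNS feed (constructed)."""
    ts: int      # observation time, seconds since epoch
    qname: str   # queried name, lower-case, no trailing dot
    rdata: str   # IPv4 address returned
    ttl: int     # TTL of that answer
    asn: int     # origin AS of rdata, as annotated by the feed (assumed field)


# Constructed feed: the two names from the post fluxing across many compromised
# hosts in many ASes, next to a CDN-fronted site (several IPs, short TTL, but a
# single origin AS) and a static site with one address and a long TTL.
SAMPLE: List[Resolution] = [
    Resolution(1228500000, "christmasclasses.com", "203.0.113.10", 300, 64501),
    Resolution(1228500000, "christmasclasses.com", "198.51.100.7", 300, 64502),
    Resolution(1228500300, "christmasclasses.com", "192.0.2.88", 300, 64503),
    Resolution(1228500300, "christmasclasses.com", "203.0.113.77", 300, 64504),
    Resolution(1228500600, "christmasclasses.com", "198.51.100.201", 300, 64505),
    Resolution(1228500600, "christmasclasses.com", "192.0.2.5", 300, 64506),
    Resolution(1228500900, "albertonixl.com", "203.0.113.150", 180, 64502),
    Resolution(1228500900, "albertonixl.com", "192.0.2.140", 180, 64507),
    Resolution(1228501200, "albertonixl.com", "198.51.100.66", 180, 64508),
    Resolution(1228501200, "albertonixl.com", "203.0.113.201", 180, 64509),
    Resolution(1228501500, "albertonixl.com", "192.0.2.199", 180, 64510),
    Resolution(1228500000, "cdn.example.net", "203.0.113.1", 60, 64600),
    Resolution(1228500060, "cdn.example.net", "203.0.113.2", 60, 64600),
    Resolution(1228500120, "cdn.example.net", "203.0.113.3", 60, 64600),
    Resolution(1228500180, "cdn.example.net", "203.0.113.4", 60, 64600),
    Resolution(1228500240, "cdn.example.net", "203.0.113.5", 60, 64600),
    Resolution(1228500000, "www.example.org", "192.0.2.250", 86400, 64700),
    Resolution(1228543200, "www.example.org", "192.0.2.250", 86400, 64700),
]


def flux_stats(records: Iterable[Resolution]) -> Dict[str, dict]:
    """Per name: count of distinct addresses, distinct origin ASNs, lowest TTL seen."""
    ips = defaultdict(set)
    asns = defaultdict(set)
    min_ttl: Dict[str, int] = {}
    for r in records:
        ips[r.qname].add(r.rdata)
        asns[r.qname].add(r.asn)
        min_ttl[r.qname] = min(min_ttl.get(r.qname, r.ttl), r.ttl)
    return {n: {"ips": len(ips[n]), "asns": len(asns[n]), "min_ttl": min_ttl[n]}
            for n in ips}


def is_fast_flux(stats: dict, max_ttl: int = 600,
                 min_ips: int = 5, min_asns: int = 3) -> bool:
    """Heuristic: short TTL plus many addresses spread over many origin ASes.

    The AS-diversity test is what keeps a CDN (many IPs, one AS) off the list;
    the three thresholds are assumptions, not values from the post.
    """
    return (stats["min_ttl"] <= max_ttl
            and stats["ips"] >= min_ips
            and stats["asns"] >= min_asns)


def flux_domains(records: Iterable[Resolution]) -> List[str]:
    """Sorted list of names the heuristic flags."""
    return sorted(n for n, s in flux_stats(records).items() if is_fast_flux(s))


def rpz_zone(domains: Iterable[str], origin: str = "rpz.local") -> str:
    """Render flagged names as an RPZ zone: 'CNAME .' answers NXDOMAIN for the
    name and everything under it. The zone name and SOA values are placeholders."""
    lines = [
        f"$ORIGIN {origin}.",
        "$TTL 60",
        "@ IN SOA localhost. root.localhost. ( 1 3600 600 86400 60 )",
        "@ IN NS localhost.",
    ]
    for d in domains:
        lines.append(f"{d} CNAME .")
        lines.append(f"*.{d} CNAME .")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for name, s in flux_stats(SAMPLE).items():
        print(f"{name:24} ips={s['ips']:2} asns={s['asns']:2} "
              f"min_ttl={s['min_ttl']:6} flux={is_fast_flux(s)}")
    print(rpz_zone(flux_domains(SAMPLE)))
```

Load the generated zone into a resolver that supports response-policy zones (BIND's `response-policy` option, for instance) and the flagged names resolve to NXDOMAIN for every client behind it, which is the "block the hosts via a DNS server" step the post describes. Re-run the triage on a rolling window: a fluxing name changes its address set every few minutes, so the AS and address counts climb quickly even from a small feed.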

  3. #43
    Adviser Team AplusWebMaster

    Mega-D botnet is back...

    FYI...

    Mega-D botnet is back...
    - http://www.theregister.co.uk/2008/12/08/mega_d_returns/
    8 December 2008 - "One of the three botnets cut off by the shutdown of rogue ISP McColo is back in business. The Mega-D botnet is back on its feet and throwing off huge volumes of spam... There's general agreement among other security firms that junk mail levels are increasing to pre-McColo shutdown levels but some confusion about which botnets have woken up to pump out the gunk. IBM's ISS security tools division also notes* increased spam levels. It reckons junk mail volumes are half what they were immediately prior to the McColo takedown, or the same level as at the start of 2008... MessageLabs ventured the opinion*** that of the three botnets hosted by McColo only Srizbi remains homeless. "With the exception of Srizbi, the affected botnets have since found alternative hosting, resulting in a return to spam levels close to those before the takedowns, with rival botnets such as Cutwail and Rustock taking up the slack left by Srizbi's absence," it said."
    * http://blogs.iss.net/archive/mccolo-2.html
    December 05, 2008 - "...Over the past few days... spam volume has been picking up the pace. It has now reached 50% of the volume before the takedown... which is also equivalent to the volume we saw at the beginning of the year. The mix of spam we’re seeing is different, too. There has been a notable increase in small, HTML-based mail with minimal or no text and an embedded picture URL. This increase isn’t due to all spammers substantially changing the type of spam they send, it’s due to one botnet, Srizbi, that appears to be recovering faster than the others. The increase of this particular botnet has been noted by others... This spammer also appears to be more concerned about the size of their spam messages, because they’ve gone down from 3.5k to 2.5k on average, possibly due to a new constraint of limited bandwidth..."
    ** http://www.heise-online.co.uk/news/B...again--/112118

    *** http://www.messagelabs.com/mlireport...2008_FINAL.pdf
    (6.3MB PDF file)


  4. #44
    Adviser Team AplusWebMaster

    MS08-067 exploit...

    FYI...

    - http://blog.trendmicro.com/top-8-in-08/
    Dec. 30, 2008 - "...A .DLL worm, WORM_DOWNAD.A, which exploits the MS08-067 vulnerability, and exhibited routines that led security analysts to postulate that it is a key component in the development of a new botnet. More than 500,000 unique hosts spread across different countries have since been discovered to have fallen victim to this threat..."

    > http://forums.spybot.info/showthread...291#post273291

    Last edited by AplusWebMaster; 2009-01-01 at 15:13.

  5. #45
    Adviser Team AplusWebMaster


    FYI... video:

    - https://www.clarifiednetworks.com/Bl...-01-01%2018-15
    2009-01-01 - "F-Secure collected a bunch of neat log data on botnet IRC channel joins. They then asked us to visualize the joins on a world map, much akin to what we did with the Kaminsky DNS patching logs*..."
    * https://www.clarifiednetworks.com/KaminskyDNS

