Wilders Security Forums  

#1
April 7th, 2008, 07:25 PM
Malcontent
Frequent Poster

Join Date: Dec 2005
Location: Cleveland, Ohio USA
Posts: 423
New Massive Botnet Twice the Size of Storm - Kraken botnet

http://www.darkreading.com/document....WT.svl=news1_1

Quote:
SAN FRANCISCO -- RSA 2007 Conference -- A new botnet twice the size of Storm has ballooned to an army of over 400,000 bots, including machines in the Fortune 500, according to botnet researchers at Damballa.

The so-called Kraken botnet has been spotted in at least 50 Fortune 500 companies and is undetectable in over 80 percent of machines running antivirus software. Kraken appears to be evading detection by a combination of clever obfuscation techniques, including regularly updating its binary code and structuring the code in such a way that hinders any static analysis, says Paul Royal, principal researcher at Damballa.

"It's easy to trace but slow to get antivirus coverage. It seems to imply [the creators] have a good understanding of how AV tools operate and how to evade them," Royal says.

Kraken's successful infiltration of major enterprises is a wakeup call that bots aren't just a consumer problem. Damballa and other botnet experts over the past few months have seen an unsettling rise in bot infections in enterprises.
__________________
Avast + WinPatrol Plus + Router/SPI
#2
April 7th, 2008, 09:30 PM
FanJ
Updates Team

Join Date: Feb 2002
Posts: 1,802
Re: New Massive Botnet Twice the Size of Storm - Kraken botnet

From that article:

Quote:
Just how Kraken is infecting machines is still unclear, but Royal says the malware seems to appear as an image file to the victim. When the victim tries to view the image, the malware is loaded onto his or her machine. "We know the picture... ends in an .exe, which is not shown" to the user, Royal says.

(emphasis by me)

Didn't we have WormGuard for these kinds of things (.jpg.exe etc.) for ages already?

I don't know how many of the old folks still use it, but I do.
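
The disguise described in the quoted article (a picture whose name really ends in .exe, with that ending not shown) can be checked for mechanically. The following is an added example, not part of the thread and not WormGuard's code; it assumes the ending is hidden because the shell hides known extensions, and the extension lists, function names and sample file names are constructed for illustration.

```python
# Added example (not from the thread): flag file names that look like an
# image or document but really end in an executable extension.
import ntpath  # Windows path rules, usable on any OS

# Assumed lists for illustration; extend them to match local policy.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
DECOY_EXTS = {".jpg", ".jpeg", ".gif", ".png", ".bmp", ".pdf", ".doc", ".txt"}
KNOWN_EXTS = EXECUTABLE_EXTS | DECOY_EXTS


def last_two_extensions(name):
    """Return (decoy_ext, real_ext), lower-cased, for a file name or path."""
    rest, real_ext = ntpath.splitext(ntpath.basename(name))
    _, decoy_ext = ntpath.splitext(rest)
    return decoy_ext.lower(), real_ext.lower()


def displayed_name(name):
    """Name as shown when the final extension is a known type and hidden."""
    base = ntpath.basename(name)
    shown, ext = ntpath.splitext(base)
    return shown if ext.lower() in KNOWN_EXTS else base


def is_deceptive(name):
    """True when an executable hides behind an image/document extension."""
    decoy_ext, real_ext = last_two_extensions(name)
    return real_ext in EXECUTABLE_EXTS and decoy_ext in DECOY_EXTS


def audit(names):
    """Return (original name, displayed name) for each deceptive entry."""
    return [(n, displayed_name(n)) for n in names if is_deceptive(n)]


# Constructed sample attachment names, not taken from any real incident.
SAMPLE = [
    r"C:\Users\a\Downloads\holiday.jpg.exe",
    "invoice.PDF.SCR",
    "setup.exe",        # honest executable: not flagged
    "photo.jpg",        # honest image: not flagged
    "archive.tar.gz",   # two extensions, neither executable
    "report.v2.doc",
]

if __name__ == "__main__":
    for original, shown in audit(SAMPLE):
        print(f"{original!r} would be displayed as {shown!r}")
```

The same check can be applied to mail attachment names or download directories before a user ever sees the shortened display name.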
#3
April 8th, 2008, 02:06 AM
SystemJunkie
Resident Conspiracy Theorist

Join Date: Mar 2006
Location: Germany
Posts: 1,500
Re: New Massive Botnet Twice the Size of Storm - Kraken botnet

Someone should better describe the technique they use.
#4
April 9th, 2008, 01:12 AM
DDCchik
Infrequent Poster

Join Date: Mar 2004
Posts: 39
Re: New Massive Botnet Twice the Size of Storm - Kraken botnet

There is some more information here.

http://blog.washingtonpost.com/secur...sh_of_the.html
All times are GMT -4.