Thursday, April 10, 2008

The undetectable worm

Researchers at Damballa Inc have uncovered evidence of a powerful new botnet they've nicknamed Kraken. The company estimates that Kraken has infected 400,000 systems, which would make it twice the size of Storm during that botnet's heyday. (The final size of Storm's botnet is disputed; Damballa estimates Storm infected up to 200,000 machines.)

Specific details on the newly discovered botnet are still hard to come by, but rhetoric isn't. Damballa currently predicts that Kraken will continue to infect new machines (up to 600,000 by mid-April). Compromised systems have been observed sending up to 500,000 emails a day, and 10 percent of the Fortune 500 are currently infected. The botnet appears to have multiple, redundant CnC (Command and Control) servers hosted in France, Russia, and the United States. Damballa has been in secret negotiations with the French servers, which have agreed to deactivate themselves at the first sign of attack a workable antivirus detection system. ;)

Like its mythical monstrous counterpart, Kraken enjoys long walks on the beach, sunsets, and tearing sailors into tasty snacks. When not ravaging the ocean, Damballa suspects Kraken is spreading itself via common social engineering techniques, and is advertising the same types of herbal products, gambling sites, and financial deals commonly found in this type of attack vector. The worm purportedly infects the system after the user clicks on a specific image file, though again, exact details aren't available at this time.
