Storm creators offer their botnet for lease

10 01 2008

This article has been published at RLSLOG.net - visit our site for full content.

For nearly a year, cyber-security researchers have tracked the Storm worm as its malicious code spread across the Internet, drawing machines into a growing botnet of hijacked computers. Now, they’ve found evidence that segments of its zombie army are being rented to the highest bidder. Over the past week, researchers at Finnish security company F-Secure have identified what they say is the first use of Storm’s massive “botnet” (a collection of hundreds of thousands of computers hijacked with hidden software) to steal users’ banking information.

Tracing the physical location of phishing sites that impersonated pages from U.K.-based Barclays and Halifax banks, F-Secure’s researchers found that they were hosted on the same Russian server used for distributing Storm in recent weeks. F-Secure’s researchers also report that the software used to mimic the Barclays and Halifax banking sites is a primitive phishing kit from 2004, a sign that Storm’s innovative creators are renting out their real estate to less savvy cyber-criminals.

More than other strains of malicious code, the Storm worm has proven itself difficult to outsmart since it was discovered in January 2007. Researchers have struggled to keep up with its quick metamorphoses and smart spam campaigns that use attached PDFs, e-cards, and even YouTube invitations to infect users with malicious software.

Unlike other botnets, Storm has no single command-and-control point: it functions as a peer-to-peer system where any hijacked computer can give and receive commands. That means shutting it down isn’t as simple as alerting the Internet service provider where the botnet is hosted. “Storm is so well written that we have no idea of how to make it go away,” says Bruce Schneier, a security researcher for BT Counterpane. “Usually, we find the controller and nuke it. This thing has no controller.”

Until now, Storm’s creators have been focused on growing its ranks: infected computers have sent out spam, drawing users to compromised Web sites that hijack more PCs. If Storm’s zombie army is shifting into mercenary mode, researchers say, it could mark another step in the evolution of cybercrime. Update your firewall and antivirus today!

Source: Forbes
