Information Security News mailing list archives
Orphaned Bots Not Necessarily Free Or Clean
From: InfoSec News <alerts () infosecnews org>
Date: Fri, 21 Nov 2008 02:21:30 -0600 (CST)
http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=212101163 By Kelly Jackson Higgins DarkReading Nov 20, 2008 It has been a week since a half-million bot-infected machines were suddenly freed from their "master" botnet servers after ISPs pulled the plug on the illicit McColo hosting service. So now what happens to those orphaned bot machines? Researchers have spotted these errant bots over the past week attempting to phone home to their former command and control (C&C) servers. While the industry continues to celebrate a nearly 70 percent nosedive (albeit temporary) in spam volume without McColo to host the world's biggest spamming botnets anymore, these orphaned bots are still at risk -- and possibly still spewing spam, security experts say. "They are probably already infected with multiple things. You hardly ever find just one bot on these computers," says Joe Stewart, director of malware research for SecureWorks. "You may find three or four different spam bots on the same machine. And who knows what else -- password stealers and other rogue ware." Many of these bots -- which were members of the world's most prolific spam botnets, Srizbi, Mega-D, and Rustock "--are likely still spamming away for other botnets, or even possibly other servers on the big three that weren't hosted on McColo, security experts say. [...] ______________________________________________ Visit the InfoSec News Security Bookstore Best Selling Security Books and More! http://www.shopinfosecnews.org
Current thread:
- Orphaned Bots Not Necessarily Free Or Clean InfoSec News (Nov 21)