Information Security News mailing list archives
Botnet Operators Infecting Servers, Not Just PCs
From: InfoSec News <alerts () infosecnews org>
Date: Thu, 17 Dec 2009 02:07:12 -0600 (CST)
http://www.darkreading.com/vulnerability_management/security/app-security/showArticle.jhtml?articleID=222002433 By Kelly Jackson Higgins DarkReading Dec 16, 2009 Botnet operators have always been able to easily infect and convert PCs into bots, but they also are increasingly going after servers -- even building networks of compromised servers. Web servers, FTP servers, and even SSL servers are becoming prime targets for botnet operators, not as command and control servers or as pure zombies, but more as a place to host their malicious code and files, or in some cases to execute high-powered spam runs. "FTP servers are a hot commodity in the underground. They are regularly used by drive-by download malware as well as a downloading component for regular bots," says Mikko Hypponen, chief research officer at F-Secure. "Another thing we've noticed is the use of SSL servers. Sites with a valid SSL certificate get hacked and are used by drive-by-downloads." Why SSL servers? "If a drive-by download gets the malware file through an HTTPS connection, proxy and gateway scanners won't be able to scan for the malware in transit, making it easier to sneak in," Hypponen explains. [...] ________________________________________ Did a friend send you this? From now on, be the first to find out! Subscribe to InfoSec News http://www.infosecnews.org
Current thread:
- Botnet Operators Infecting Servers, Not Just PCs InfoSec News (Dec 17)