Commentary

George Hulme
 

New Botnet Army On The March

There's a new botnet (a network of malicious nodes, known as "bots") gaining strength, and it's successfully infiltrating U.S. companies by bypassing traditional antivirus products.

There's a new botnet (a network of malicious nodes, known as "bots") gaining strength, and it's successfully infiltrating U.S. companies by bypassing traditional antivirus products.According to this news story on Dark Reading, security startup Damballa is tracking the spread of a new botnet, dubbed MayDay, that, according to the company, already has infected thousands of hosts -- almost all located in North America, Kelly Jackson Higgins reports.

What's concerning about this botnet, aside from the apparent difficulty in identifying it, is that it has successfully infiltrated some -- so far -- unnamed and large networks. Also, its ability to communicate, presumably with other infected nodes, from behind the corporate firewall, makes it appear more agile than other peer-to-peer botnets.


More Security Insights

White Papers

More >>

Reports

More >>

Webcasts

More >>

So far, there's little information on MayDay, such as how it propagates or how it evades anti-malware software. Hopefully, those details will surface soon.

According to Higgins' report, the known infections so far have been through what appears to be an Adobe PDF file, but is actually the mechanism for bot infection.

Also, the motive behind MayDay seems to be spam propagation. The researchers, still reverse-engineering MayDay's encrypted communications, have found that it's sending spam and submitting performance reports back to its command-and-control servers.

While that's bad enough, once these bot networks get entrenched they can be used for any number of other types of attacks, including denial-of-service attacks. It's also not unheard of for these networks to be hijacked by other criminals and commandeered for their own purposes.

As news dictates, I'm hoping to post more details on this attack as specifics become available.

According to the 2007 CSI Computer Crime Survey, denial-of-service attacks and botnets combined cost 194 respondents about $5.6 million.


Related Reading




Currently we allow the following HTML tags in comments:

Single tags

These tags can be used alone and don't need an ending tag.

<br> Defines a single line break

<hr> Defines a horizontal line

Matching tags

These require an ending tag - e.g. <i>italic text</i>

<a> Defines an anchor

<b> Defines bold text

<big> Defines big text

<blockquote> Defines a long quotation

<caption> Defines a table caption

<cite> Defines a citation

<code> Defines computer code text

<em> Defines emphasized text

<fieldset> Defines a border around elements in a form

<h1> This is heading 1

<h2> This is heading 2

<h3> This is heading 3

<h4> This is heading 4

<h5> This is heading 5

<h6> This is heading 6

<i> Defines italic text

<p> Defines a paragraph

<pre> Defines preformatted text

<q> Defines a short quotation

<samp> Defines sample computer code text

<small> Defines small text

<span> Defines a section in a document

<s> Defines strikethrough text

<strike> Defines strikethrough text

<strong> Defines strong text

<sub> Defines subscripted text

<sup> Defines superscripted text

<u> Defines underlined text

InformationWeek encourages readers to engage in spirited, healthy debate, including taking us to task. However, InformationWeek moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing/SPAM. InformationWeek further reserves the right to disable the profile of any commenter participating in said activities.

Disqus Tips To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.
T-Shirt Giveaway T-Shirt Giveaway: Each week we're selecting one great comment from our readers. The author of the comment will receive an InformaitonWeek Community t-shirt. So get posting!
Subscribe to RSS

Resource Links