Open Source and information security mailing list archives
 
Date: Wed May 25 17:04:47 2005
From: randomisedletters at hotmail.com (Random Letters)
Subject: Stealth virus warning sounded again

Virus authors are choosing not to create global epidemics--such as Melissa 
or Blaster--because that distracts them from their core business of creating 
and selling botnets, according to antivirus experts.

Botnets are groups of computers that have been infected by malware that 
allows the author to control the infected PCs, and then typically use them 
to send spam or launch DDoS attacks.

Speaking at the AusCERT conference on Australia's Gold Coast on Tuesday, 
Eugene Kaspersky, founder of Kaspersky Labs, said that the influence of 
organised crime on the malware industry has led to a change of tactics, 
echoing comments made in March of this year by Mikko Hyppönen of F-Secure. 
Instead of trying to create viruses and worms that infect as many computers 
as possible, malware authors are instead trying to infect 5,000 or 10,000 
computers at a time to create personalized zombie armies.

"Do I need a million computers to send spam? No. To do a DDoS attack, 5,000 
or 10,000 PCs is more than enough. That is why virus writers and hackers 
have changed their tactics of infection--they don't need a global epidemic," 
said Kaspersky.

According to Kaspersky, organized criminals are advertising networks of 
zombie computers for rent on underground newsgroups and Web pages. When they 
receive an order for a botnet of a certain size, they set about trying to 
infect computers using infected email attachments or socially-engineered 
spam with links to malicious Web pages. As soon as they infect enough 
computers to fulfill the order, they stop using that particular piece of 
malware.

"It seems that if, say, the virus author needs 5,000 infected computers, 
they put the Trojan on a Web page and wait for 5,000 machines to be 
infected. Then they remove the Trojan because that is enough. When they get 
a new request for another zombie network, they release a new Trojan--they 
are able to control the number of infected computers," said Kaspersky.

Adam Biviano, senior systems engineer at antivirus firm Trend Micro, agrees. 
He said that by only infecting a relatively small number of computers, the 
malware has a better chance of flying 'under the radar' and not being 
spotted by antivirus companies.

"It makes sense to have a discreet number of PCs under your control and be 
able to sell that on," said Biviano, who added: "With 5,000 PCs under your 
control--none of which are being destroyed or showing actual qualifiable 
damage as a result--you will fit under the radar, probably make some money 
and you probably won't get arrested."

Kaspersky said that to fight this new tactic antivirus companies have to be 
more thorough by scouring Web pages and e-mail attachments for new and 
obscure pieces of malware--to ensure as few Trojans as possible get through 
to users.

"Before releasing the new infected code they test it using antivirus 
scanners and they don't release the new Trojan or worm if it is detected. I 
believe that if only 1,000 machines are infected, anti-virus companies will 
never receive the infected file. That is why antivirus companies have to 
collect data reactively and get samples as quickly as possible," said 
Kaspersky.

Vincent Gullotto, vice-president of McAfee's antivirus emergency response 
team, told ZDNet Australia that antivirus companies are responding to the 
new threat by proactively seeking out new forms of malware.

"It is standard for us, Kaspersky, Symantec and some of the other prominent 
antivirus companies to scour the Web in many different ways. We go out looking 
for [malware] with a very aggressive search and we do passive searches where 
we have machines that are just sitting around waiting to get attacked. When 
we see a machine getting attacked we grab a sample rather quickly so we can 
add it to our database," said Gullotto.

http://news.zdnet.com/Stealth+virus+warning+sounded+again/2100-1009_22-5719765.html?part=rss&tag=feed&subj=zdnn
