In the case of the other zombie net, run by a group identifying itself as the Q8Army, individuals used IM-borne adware programs to deliver malware rootkits that stole credit card information for the purpose of committing fraud. The programs also served up pop-ups that carried URLs of militant Arabic Web sites that endorse violent means for achieving "world domination," the researchers said. Using a paper trail left by some of the URLs and related fraudulent transactions, the researchers traced the group's origin to unidentified positions in the Middle East and observed that some of the stolen funds were being used to buy mobile communications gear and used PCs.
The researchers said there will need to be even more widespread cooperation on the part of security experts, law enforcement officials and government regulators if more of the zombie computer networks are to be shuttered in the future. However, Boyd said it is smarter to take a slow approach that yields detailed information and more powerful results in identifying the scams, versus merely attacking the hijacked computers from which the scammers' work is being delivered. "There are an awful lot of botnets out there, which encourages a whack-a-mole approach to shutting them down," said the researcher. "By following the people who are actually responsible and building a case behind the scenes, we can actually do a lot more damage to them."
FaceTime's Porter warned that the groups of criminals funding many of the zombie networks have amassed significant resources via their work and are increasingly luring unemployed programmers in countries including Russia to create new malware exploits that will help them continue to steal successfully.
While many botnets last for only days and do relatively little damage, based on the shoddy nature of their execution, the most sophisticated operators will continue to find new ways to stay one step ahead of their pursuers, according to the expert. "These groups now have significant research and development budgets, and we've literally seen billions of dollars flowing through these networks," said Porter. "Even more scary, these botnet operators are mastering the art of contextual marketing and may become even more successful at delivering their attacks."
After discovering the Q8Army's homepage, which carried custom hacking tools, programs for generating Trojan viruses and other malware applications, the researchers were able to have a set of U.S.-based servers used by the group taken offline, although the individuals remain active on systems located in Germany and the Middle East, according to Boyd.