Researchers at Finjan have uncovered a massive botnet controlling some 1.9 million zombie computers. The security vendor disclosed the discovery at the RSA Conference in San Francisco. According to reports, the nearly two million bots include machines in 77 government domains in the U.S., U.K. and other countries.
The size of the network would make it possibly the largest botnet under the control of cyber-thieves. Some 45 percent of the IP addresses under the control of the network are located in the U.S., compared to six percent in the U.K., three percent in France and four percent in Canada and Germany. The geo-location of 38 percent of the IP addresses could not be determined.
“We found that the botnet’s command and control server is hosted in Ukraine,” according to a post on Finjan’s blog. “The server has a nice backend management application making it easy for the attackers to manage the infected machines…overall, the cybergang can remotely execute anything it likes on the infected computers.”
Once a machine is infected, the attackers typically download additional malware to it without the victim’s consent. Some of the downloaded files that were identified include SENEKA(removed).DLL and Zch(Removed).exe. These files can read e-mail addresses and other details from the infected computer, communicate with other computers over the HTTP protocol, visit websites without the end user’s consent, and carry out a few dozen other commands.
The role of such networks in spam campaigns and schemes such as the sale of rogue anti-virus has been well documented. In a separate paper, researchers from Marshal8e6’s TRACElabs determined the Rustock and Xarvester botnets were responsible for sending 600,000 spam messages each over a 24-hour period.
According to reports, Finjan has shared information about the network with the law enforcement and intelligence communities.