New Botnet Dwarfs Storm
ancientribe writes "Storm is no longer the world's largest botnet: Researchers at Damballa have discovered Kraken, a botnet of 400,000 zombies — twice the size of Storm. But even more disturbing is that it has infected machines at 50 of the Fortune 500, and is undetectable in over 80 percent of machines running antivirus software. Kraken appears to be evading detection by a combination of clever obfuscation techniques that hinder its detection and analysis by researchers."
Just how Kraken is infecting machines is still unclear, but Royal says the malware seems to appear as an image file to the victim. When the victim tries to view the image, the malware is loaded onto his or her machine. "We know the picture... ends in an .exe, which is not shown" to the user, Royal says.
Infected Exchange server?
Yet another reason why you shouldn't be opening e-mail on a production server. Even if you are, the server admin at a Fortune 500 company ought to be smart enough to not click on the latest "Anna Kournikova pics!" e-mail.
Maybe this is why MS says that Outlook on an Exchange server is an unsupported configuration.
ps aux | grep wine
Oh good, nothing running. wineserver runs when you start a program and ends when the last process is closed. Nothing will simply start on its own (unless the process running under Wine is aware that it is being run under Wine and can somehow write to rc.local... even then, you need root privs for that).
You know that VMware is proprietary, right? Running Ubuntu with Wine in VMware because using XP in VMware wouldn't be FOSS is kinda self-contradicting.
Try http://www.virtualbox.org/, if you want free and open source virtualisation software.
I assume that I found the correct contest, it fits the description.
They did however get the Vista box, by exploiting a flaw in Flash (from the same article). Both successful cracks were only achieved after the rules had been relaxed to allow exploits by "tricking" the judges into clicking on links to malicious web pages created by the contestants.
On the first day only direct attacks over the network were allowed, and all OSes survived that.
"Seriously, though - can an OS be secure, if its users don't make rational choices?"
You can make system files immutable in Linux with chattr; an immutable file may not be overwritten by root unless chattr is first run to remove the immutable flag.
Furthermore, you can, during install, use chattr to set files immutable, and then set the user:owner of chattr to user chattr and set permissions to only allow user chattr to read or execute chattr, as well as making chattr immutable so root can't replace it.
So yes, you can idiot-proof a Linux system, even if they still have sudo permissions so they can install new programs.
The basic point of this would be to have some type of crontab-based scanner and a remote administrator (e.g. the guy who set it up for Mr. "I love porn and am stupid"), and basically if Mr. Idiot installs bad software, Mr. Remote Admin can remove it and make fake files in his owner/user group so that Mr. Idiot can't install it again (although without access to chattr it might be hard to prevent Mr. Idiot from finding out how to use sudo to delete those files when he asks on a message board how to get around this 'error' when he tries to install software, etc.).
Although it's SO much easier to just not give Mr. Idiot sudo permissions and let Mr. Remote Administrator approve any software Mr. Idiot wants on his system. The point was: can Linux be idiot-proofed? And yes it can, in many functional ways.
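An added shell example, not from this thread, showing how an admin can audit whether the immutable flag the post relies on is actually set: it parses lsattr(1) output and reports files that lack 'i'. The function names and the sample lsattr lines are constructed for this example.

```shell
#!/bin/sh
# Added example: audit lsattr(1) output for the ext2/3/4 immutable attribute ('i').
# Function names and the sample lines below are constructed for this example.

# has_immutable_flag LINE
#   LINE is one line of `lsattr` output, e.g. "----i---------e------- /etc/passwd".
#   Returns 0 when the attribute field (text before the first space) contains 'i'.
has_immutable_flag() {
    attrs=${1%% *}
    case "$attrs" in
        *i*) return 0 ;;
        *)   return 1 ;;
    esac
}

# audit_lsattr
#   Reads lsattr lines on stdin and prints the path of every file that is NOT
#   immutable, one per line, i.e. what a root-level compromise could still
#   overwrite without first running chattr -i.
audit_lsattr() {
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        has_immutable_flag "$line" || printf '%s\n' "${line#* }"
    done
}

# audit_paths PATH...
#   Runs lsattr on the given files (when lsattr is installed) and reports the
#   ones missing the immutable flag. Reading flags does not require root.
audit_paths() {
    command -v lsattr >/dev/null 2>&1 || { echo "lsattr not available" >&2; return 2; }
    lsattr -d -- "$@" 2>/dev/null | audit_lsattr
}

# Constructed sample output standing in for a real lsattr run:
sample_lsattr='----i---------e------- /etc/passwd
--------------e------- /etc/shadow
----i---------e------- /usr/bin/chattr'

printf '%s\n' "$sample_lsattr" | audit_lsattr   # prints: /etc/shadow
```

On a live system, `audit_paths /etc/passwd /etc/shadow /usr/bin/chattr` does the same against real attributes.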