Slashdot Mirror


Google Groups Used To Control Botnets

oDDmON oUT writes "'Maintaining a reliable command and control (C&C) structure is a priority for back door Trojan writers. ... Symantec has observed an interesting variation on this concept in the wild. A back door Trojan that we are calling Trojan.Grups has been using the Google Groups newsgroups to distribute commands,' writes Symantec employee Gavin O'Gorman. He goes on to state that 'the Trojan itself is quite simple. It is distributed as a DLL,' and while the decrypted commands indicate it is used 'for reconnaissance and targeted attacks,' he does go on record as saying, 'It's worth noting that Google Groups is not at fault here; rather, it is a neutral party. The authors of this threat have chosen Google Groups simply for its bevy of features and versatility.'"

12 of 63 comments

  1. Re:Google Groups is just a way to Usenet by athakur999 · Score: 5, Informative

    It's true Google Groups can be used to view Usenet groups, but you can also create groups that are completely independent of Usenet with it. That seems to be the case here.

    --
    "People that quote themselves in their signatures bother me" - athakur999

  2. This just in! by Anonymous Coward · Score: 5, Funny

    Breaking news today:

    Free Web Service Abused, Professionals Shocked

    News at 11.

  3. "oops, by martas · Score: 3, Funny

    it seems we just did some pretty serious evil..."

  4. Re:So? by sakdoctor · Score: 5, Funny

    -----BEGIN BOTNET COMMAND OVER /.-----
    Version: v1.0.0

    TEx2OTNZRm9 mb1l4Q1B5N25P b3dxSjRCMkhSS WhzdDFBbV Ezd2lGSWtY R1pEMWJ qUHdtcG9z cktLNHd5 cDBZeg==

    -----END BOTNET COMMAND OVER /.-----

  5. Another sign Linux just isn't ready for prime time by HangingChad · Score: 4, Funny

    It is distributed as a DLL...

    Until Linux can run botnet DLLs and find a place among p0wn3d hacker machines, it's going to remain a hobbyist toy. It's so wasteful and inefficient to hack computers one at a time.

    --
    That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage

  6. Just Google it by Mathinker · Score: 3, Informative

    We used to say "Engage brain before opening mouth" but nowadays the equivalent is "Check Google (or equivalent) before posting". P2P botnets have been around for a long time, and the recent Conficker worm uses P2P technology in quite an advanced way.

  7. Re:Why not P2P? by sakdoctor · Score: 3, Insightful

    Storm and many others used P2P.
    Using a distributed hash table, each node wouldn't need a FULL list of nodes; often just O(log(n)) nodes.

    They have used encrypted+signed commands since forever, port knocking, basically everything in the field has been incorporated into making a better, more robust bot.

  8. Re:So? by Anonymous Coward · Score: 4, Interesting

    On a more serious note, this demonstrates how easy it is to use any service for a botnet.
    As long as a service allows persistent user data, Slashdot, Google Customized Search, Photobucket, whatever, can all be used.
    Hell, the data doesn't even need to be persistent; ideally around a day's age at the most. This allows each time region to access the site at different times so that it won't overload it or arouse suspicion among those sneaky little ninja sysadmins.

    Think about all those free websites out there, millions of them, and you can bet a good chunk of those are for botnets.

    Or how about MSN?
    Contacts of contacts of contacts; it can go millions of contacts deep, or a few hundred accounts used around the same geographical location at different times in the day.

    Of course, e-mail is still the best.
    Gmail is probably the best for this at the moment because of how much information can be stored on a page at first glance (which is why Gmail Drive is so nice).

  9. Next up: Botnets surfing the Google Wave by ghmh · Score: 5, Funny

    Who needs IRC or Usenet or Google Groups when you can surf the Google Wave?

    Wonder whether this will get you access?

    Google Wave Sandbox Developer Signup

    Name: xxxx
    ....
    What do you intend to build?
    Botnet

  10. Re:C2, not C&C by Yvan256 · Score: 3, Insightful

    And C2 can refer to a truckload of things, so that doesn't really help.

  11. Re:Those IRC dwelling 14 year olds... by flydpnkrtn · Score: 3, Insightful

    I know eventually a true, almost impossible to counter exploit will be found by them, for Linux.

    I think you lay the melodrama on a bit too thick... there's not really such a thing as an "impossible to counter" exploit...

  12. Re:Why not P2P? by similar_name · Score: 4, Funny

    What would be so hard for botnet owners to make a peer to peer botnet rather than using servers?

    That would attract the wrath of the RIAA.