Botnets + hacking kits + Web app holes = good times for cybercriminals
Posted on April 28, 2010 | 4 comments
Criminal-controlled botnets are becoming more resilient and powerful than ever. It’s easier than ever for even low-skilled hackers to supply botnets with freshly infected PCs via user-friendly hacking tool kits. And many of them are using these tool kits to spread infections on weakly protected web pages put up by legitimate corporations.
Those are conclusions from recent security reports from Symantec’s MessageLabs division, Microsoft, M86 Security, WhiteHat Security and Imperva.
The MessageLabs report and Microsoft report both show that even when the good guys shut down ISPs hosting large swarms of infected PCs spewing spam, the bad guys “quickly recover and continue to send malicious content almost uninterrupted,” says Paul Wood, MessageLabs Intelligence Senior Analyst.
Rustock, the largest and most powerful botnet, controls between 1.6 million and 2.4 million infected PCs; it has increased its spam output by 300% in recent months and is responsible for a third of global spam. The top three Rustock-infected countries are India, the USA, and Brazil, says Wood.
Hacking tool kits readily for sale
The M86 report details the rise of hacker tool kits, counting more than a dozen new kits marketed on the Internet in the past six months. Most of these kits are in Russian, such as Adpack and Fragus, perhaps indicating the location of the buyers, and the majority take advantage of security weaknesses in Adobe Flash, JavaScript, and Adobe PDF readers.
Kits with names like Crimepack, WebAttacker, MyPolySploit, XCore, UniquePack and LuckySploit typically sell for $100 to $1,000, and all include basic coding to infect PCs and have them report to a botnet controller, says Bradley Anstis, VP of Technology Strategy for M86 Security.
Meanwhile, the Ponemon Institute recently surveyed 627 IT pros at more than 400 multinational enterprises and government organizations in a study sponsored by WhiteHat Security and Imperva. The survey shows that more than 55% of developers writing Web programs are too busy to respond to security issues, while 74% of the survey respondents said they don’t have a dedicated security team.
The circle of (criminal) life
“Botnets are PCs that have been infected with malware. Malware predominantly spreads by exploiting unpatched Web browsers which people use to visit legitimate, yet infected websites,” says Jeremiah Grossman, CTO of WhiteHat Security.
Websites, in turn, are getting infected by hackers using toolkits honed to search out webpages ripe for SQL injection attacks, which crack into the database layer of weakly protected websites. Click on a tainted webpage and you won’t notice anything. Your PC gets turned into an obedient “bot,” and for good measure all of your account logons routinely get stolen.
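The weakness the toolkits hunt for is the one in the paragraph above: a web page that splices user-supplied text straight into a database query. The following is an added example written for this page, not code from the article or from any of the vendors it cites. It assumes a hypothetical SQLite-backed user lookup with a constructed `users` table, and shows the weakly protected query beside its parameterized replacement, plus a simple log-filter heuristic a defender might run over request parameters.

```python
import re
import sqlite3


def build_demo_db():
    """Create an in-memory SQLite database with a constructed users table (sample data, not real)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "editor")],
    )
    conn.commit()
    return conn


def find_user_vulnerable(conn, username):
    """The weakly protected pattern: request text is formatted into the SQL string,
    so a quote character in the input changes the query's structure."""
    sql = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn, username):
    """Hardened form: the driver binds the value as a parameter, so any quotes or
    keywords in the input are compared as data and never parsed as SQL."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


# Heuristic for a request log or WAF rule: a quote followed by an SQL keyword,
# comment marker or statement separator. A secondary control only; it produces
# false positives on legitimate names, so it flags for review rather than blocks.
_INJECTION_PATTERN = re.compile(r"'\s*(?:or|and|union)\b|'\s*(?:--|;)", re.IGNORECASE)


def looks_like_injection(value):
    """Return True if a request parameter matches the injection heuristic above."""
    return _INJECTION_PATTERN.search(value) is not None


if __name__ == "__main__":
    conn = build_demo_db()
    # Constructed input containing a quote and a tautology, the classic shape the
    # kits probe for. The vulnerable query returns every row; the safe one returns none.
    probe = "alice' OR '1'='1"
    print("vulnerable:", find_user_vulnerable(conn, probe))
    print("safe:      ", find_user_safe(conn, probe))
    print("flagged:   ", looks_like_injection(probe))
```

The parameterized query is the actual fix; the regex only helps surface probing attempts in logs so the site owner learns the page is being targeted before the database layer is reached.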
“Welcome to the cat and mouse game,” says Anstis. “Every time an infected bot gets remediated or a botnet gets taken down, the blackhats develop new ways to get around that.”
Chart courtesy of Symantec’s MessageLabs Intelligence; Crimepack tool kit screenshot courtesy of M86.
By Byron Acohido
Comments
4 Comments »
that graph is horrible
Comment by Lama — 4/29/2010 @ 2:01 pm
It is not easy to buy a botnet by doing a simple Google search and paying a few thousand dollars, as you would buy a laptop, but it is not impossible after weeks or months of contacting hackers.
Botnets will continue to exist while there are people who don’t understand the basics of using a computer; they simply use it without knowing the basics of architecture and security.
Viruses and botnets will continue to be the best friends of big antivirus companies; they get a lot of money slowing down computers and providing a false sense of security.
Education about cybercrime and Internet security is near zero; we need to change it.
Comment by Gustavo the keylogger guy — 7/26/2010 @ 2:16 pm
OI CHUYIYA………..
Comment by FUCKER — 1/2/2012 @ 8:23 am
OI MADARCHOD, PAGLACHODA BONRUTI, KUCHKI MAGIR POLA, CHUTMARANIR POLA TOR HOGAYE ROD DHUKAMU.
Comment by TADPOL — 1/2/2012 @ 8:26 am