March 15th, 2006

IM Software Used to Create Huge Botnets

By Jimmy Daniels
Contributing Writer, RealTechNews

According to a press release from FaceTime Security Labs, a new threat is spreading through instant messaging software: if you click on a link passed through IM, Remote Administration Server is installed and its icon is hidden in the systray. This software is then used to install even more malware, including Carder, an application used to discover exploits in shopping carts.

Acting on an anonymous tip, researchers have uncovered two “botnet” networks that collectively represent up to 150,000 compromised computers, one of which is being used as a vehicle to fraudulently scan desktop and back-end systems to obtain credit card numbers, bank accounts, and personal information including log-ins and passwords. The operators could potentially launch these scans from any computer on the botnet to mask their actual location.

Instant messaging applications and protocols are an increasingly popular vector to distribute malicious files and executables. With this new threat, FaceTime has identified more than 40 unique files — many designed to take advantage of social engineering techniques, stored passwords, auto-complete data and vulnerable payment systems. Relevant files and information on a large number of “at risk” credit card accounts have been provided to federal authorities. Source: FaceTime.

I have continually harped on the dangers of adware and spyware and the often dubious means criminals or unscrupulous affiliates use to spread this software contagion. Taking it one step further is the use of “botnets”, and in this case, large botnets to steal consumer data: credit card data, personal information, passwords, etc. What makes it more alarming is that this social engineering attack via the IM vector can easily be passed by a trusted source. IM is increasingly becoming a choice vector of attack like a ripe apple on a tree. Source: Wayne Porter

We Say: Anybody been clicking on any strange links via IM? Scary. Steal your banking info, personal information, auto-complete data, and scan shopping carts for exploits using your PC, anything they want to do with your PC. They own it.


8 comments to "IM Software Used to Create Huge Botnets"

  1. jasper says:

    2 problems with this story

    1. What IM are we looking at? I use Sametime and it is just fine
    2. Why is the company that stumbles over this also the one that has a solution they want to sell? (makes it more untrustworthy)

    March 15th, 2006 at 10:19 pm

  2. Wayne Porter says:

    Jasper,

    a) ANY IM can be a target

    b) We did not stumble over it- our labs took a long time in analyzing the data and files. To date we are the only ones, to my knowledge to protect against this particular threat, but in time others will have that protection. Use what security solution you find the best for you. But since we researched it the release was meant, naturally, for our customers. Thus our solutions. But again use what solution you feel is right for you but at any rate be wary of those IM links. They could come from a trusted source.

    regards,
    Wayne Porter

    March 16th, 2006 at 4:49 am

  3. Jimmy says:

    Jasper,
    So, that would make a lot of companies untrustworthy. You don’t see McAfee solving a virus problem and advertising Norton anti virus, do you?

    March 16th, 2006 at 5:57 am

  4. Charles says:

    Jasper,

    If you are in the business of developing PC protection software, doesn’t it follow that you would be the one to seek out the problems and corresponding solutions?

    Most of the past week I have had to disconnect my ICQ account (I use Trillian) because of the never-ending botnet requests to add them to my list.

    March 16th, 2006 at 11:12 am

  5. Jasper says:

    I do agree that it is often the companies that are spending time looking into issues who find them, but I’m keen on verifying things with more than one source.

    I’m sure that if anybody found a 150000 PC botnet the main interest is to pass that information to the FBI and then support them in finding the controller(s).

    It is clear that any user who clicks on a file link is a general risk but any company with a clear IT policy needs to worry about IM are provided by the company or not allowed is my way.

    The solution to the problem is to not allow download of any exe, com, msi, bat, cmd and so on file, as it will pass the proxy or FW in the company? Or do the links enable users to store files on IM systems and do not use the general internet?

    Sorry that my spelling is kind of off, but I’m, as you guessed, not an English person.

    Jasper

    March 17th, 2006 at 1:20 am

  6. » World Wide Web and The Dark Economy » Blog Archive   Alice Hill’s Real Tech News - Independent Tech says:

    […] In a previous post, IM Software Used to Create Huge Botnets I posted about how hackers are using instant messaging software to create huge botnets of computers, and how Facetime communications employees, including Wayne Porter and Chris Boyd, discovered these two botnets that were being used to scan desktop systems and shopping carts for vulnerabilities, to obtain credit card numbers, bank accounts, and personal information. […]

    December 30th, 2006 at 12:25 am

  7. » Facetime Duo Tag Teams Botnet Masters » Blog Archive   Alice Hill’s Real Tech News - Independent Tech says:

    […] In a previous post, IM Software Used to Create Huge Botnets, I talked about how some research and tact by Wayne Porter and Chris Boyd brought down a huge botnet of 150,000 computers that were being used to fraudulently scan desktop and back-end systems, including some shopping carts, to obtain credit card numbers, bank accounts, and personal information including log-ins and passwords. At the RSA conference they described how they did it, infiltrating their hangouts and getting them to boast of their exploits and how they profited using this new Dark Economy. After laying out so-called honey pots in hopes of finding the signature work of two of the suspected botnet purveyors, known by the comic book like villain monikers MC-Zero and Ink, Boyd said the researchers found their quarry and began examining posts the individuals made to shadowy sites in which they bragged about elements of their attacks. […]

    February 8th, 2007 at 11:44 pm
