September 18th, 2006
Ten Move Botnet Takedown
By Jimmy Daniels
Contributing Writer, RealTechNews
Those stewards of justice at FaceTime have struck again, this time finding a botnet in its early stages, before many of the domains contacted by the first infection file are even hosting infectious files. And as always, it begins with a link in a chat window asking you an innocent question: “hey would it be ok if I upload this picture of you to my blog?”.
As you can see, the emphasis here is not so much on the files themselves, but on the way these files are deposited onto the system. Previous Instant Messaging attacks have tended to focus on the damage done by the files, with little thought on the method of delivery, save for the quickest way to get those files onto a PC. Here, the thrill for the bad guys seems to be in lining up as many of these “install chains” as possible - I keep thinking of a ten move combo on a fighting game such as Tekken…not a bad way to describe it, actually. What’s smart about this attack is that it doesn’t matter if you get a file “out of step” - if you start off with a particular file out of sequence, you’ll just end up somewhere else in the chain instead. There is no right or wrong place to start with this one - the hackers will make sure you get your fill of infection files! The amount of effort that’s gone into this kind of attack hints at a level of planning we’ve previously only seen here. And we’re not done yet… Source: Spywareguide.com
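The “install chain” the Spywareguide write-up describes is, structurally, a directed download graph: each dropped file fetches further files, and the authors arranged the links so that almost any starting file drags in the rest. The example below is added here to make that concrete; it is not code or data from RealTechNews, FaceTime or Spywareguide. Every stage name, the links between them and the list of files the IM lure actually points at are constructed for illustration. It answers two questions an analyst would ask of a captured chain: does every entry point really reach every stage, and which single download, if blocked at the network edge, leaves the fewest stages reachable.

```python
"""Model an IM-worm "install chain" as a directed download graph.

Added example; the chain below is constructed, not data from the article.
"""
from collections import deque

# Constructed chain (hypothetical file names): stage -> stages it downloads.
# Note the cycle through irc_bot.exe back to the lure, which is what lets a
# victim who starts mid-chain still collect the earlier stages.
CHAIN = {
    "photo.pif":   ["loader1.exe", "loader2.exe"],
    "loader1.exe": ["irc_bot.exe"],
    "loader2.exe": ["adware.exe", "irc_bot.exe"],
    "irc_bot.exe": ["photo.pif"],
    "adware.exe":  [],            # dead end: drops nothing further
}

# Files the chat-window link actually points at (constructed assumption).
ENTRIES = ("photo.pif", "loader2.exe")


def reachable(chain, start, blocked=frozenset()):
    """Stages a victim ends up with when infection starts at `start`,
    skipping any stage whose download has been blocked (breadth-first)."""
    if start in blocked:
        return set()
    seen, queue = {start}, deque([start])
    while queue:
        node = queue.popleft()
        for nxt in chain.get(node, []):
            if nxt not in blocked and nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def incomplete_entries(chain, entries):
    """Entry points that do NOT lead to the whole chain. An empty list means
    the "start anywhere, get everything" property holds for these entries."""
    everything = set(chain)
    return [e for e in entries if reachable(chain, e) != everything]


def infected_after_block(chain, entries, blocked):
    """Union of stages still reachable from every entry point once the
    downloads in `blocked` are denied at the network edge."""
    stages = set()
    for e in entries:
        stages |= reachable(chain, e, blocked=frozenset(blocked))
    return stages


def rank_blocks(chain, entries):
    """Rank each stage by how few stages remain reachable if only that one
    download is blocked; lowest count first, ties broken by name."""
    scores = [(len(infected_after_block(chain, entries, {c})), c) for c in chain]
    return sorted(scores)


if __name__ == "__main__":
    print("entries that miss part of the chain:", incomplete_entries(CHAIN, ENTRIES))
    print("entries that miss part of the chain, if any file could be first:",
          incomplete_entries(CHAIN, tuple(CHAIN)))
    for remaining, candidate in rank_blocks(CHAIN, ENTRIES):
        print(f"block {candidate:12s} -> {remaining} stage(s) still reachable")
```

Run as-is, the model shows both lure targets reach all five stages, while a victim who somehow began with the adware dropper would get nothing else (it is the one stage with no outbound link). Blocking either of the two first-stage files cuts the chain to three stages; blocking the bot binary alone leaves four, because the loaders are still delivered by the lure. The same reasoning is what makes AOL's choice in the comments below effective: the lure URL is the one download every path depends on.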
We Say: Meanwhile, Back at the Hall of Justice…
Though it’s always exciting to catch somebody in the final stages of putting their “Master plan” together, it’s also a touch worrying, as you know that they’re not quite done yet. Will we see more developments from this case, much like we did with the drawn-out saga of the AIM Rootkit from the tail end of 2005? That particular story started with Instant Messaging rootkits, diverted down the path of a group of hackers based in the Middle East and finished up with fake BitTorrent clients and Mr. Bean movies. We think this particular group has many more executable files ready and waiting to go live, so where this one will end up is anyone’s guess.
…did I mention this infection would give you a very bad day?
Tech News and Tips from Tipsdr.com says:
Pipeline Worm Floods AIM with Botnet Drones
A new worm is crawling through AIM - using a sophisticated network of “chain” installs, the bad guys can start the process of infection with any of the files and still hit you with the rest. Or they can target you with a certain selection o…
September 18th, 2006 at 7:23 am
Jasper says:
Easily solved: stop 2nd or 4th level ads on the internet.
September 18th, 2006 at 8:47 am
Andrew Weinstein says:
The security folks here at AOL tell me that we’ve been blocking IMs containing the URL used in the attack since last Tuesday (9/12), so the worm should no longer be able to spread via the AIM network.
Andrew Weinstein
Spokesperson, AOL
September 18th, 2006 at 1:31 pm