Today Help Net Security published an interesting article, "Tool used to control botnets across 54 countries discovered". It describes a recent investigation by PandaLabs in which they uncovered "Zunker", an application that controls botnets. The article says "it was being used to manage a network of tens of thousands of computers across 54 countries."
The article then goes on to describe how Zunker works:
"
The program discovered by PandaLabs also has a statistics section. This includes a series of graphs showing the performance of each bot along with the number of available zombies and their daily or monthly activity. According to Luis Corrons, technical director of PandaLabs: “The program has been carefully designed and is easy to use. Zunker organizes the bots by country, and shows how many bots there are along with reports from each one, how much spam has been sent and what software has been used by the bots to send the spam (gmail, IM, forums, etc...).”
But Zunker is not just a management tool. It also lets the user control the bots. The “Control” menu lets the herder send commands to the bots, for example telling them to send spam. The “template” auction lets the user design the content of the spam with different templates depending on whether the message is aimed at email accounts, instant messaging or forums.
Zunker even gives the creator figures about the lifespan of bots, that is, how many remain active out of those that infected computers. “The last time we checked”, explains Luis Corrons “the percentage was 40%. This means that 40% of bots were still operating. This figure, along with the age of the oldest bots, gives an idea to the hacker of how effective infections are”.
Another option in Zunker is to order bots to download files onto infected computers, for example, malware (Trojans, adware, viruses,…). “This way they exploit infections to the full. The computer is not just used to send spam but also, the user’s personal data such as bank details, etc. is stolen”, explains Luis Corrons.
"
Read the article to get an idea of how botnets are used to distribute malware and are used in attacks.
Guy
www.authenticationworld.com
guy.huntington@authenticationworld.com
