« My media - let me sho… | Home | US Judicial system de… »

The Storm Worm botnet learns some new tricks - like phishing.

Thursday 10 January 2008 at 2:23 pm
Scarcely one year after the initial appearance of the Storm Worm and its resulting botnet, some heretofore untapped functionality's been pushed out in one update or another in just the past couple of days: Not only is the botnet sending out phishing-related spam but the phishing sites are hosted on the infected machines themselves. The information security community is speculating that it may now be possible for the controller of the botnet to partition it and assign different tasks to different segments of the infected net.population. As if that weren't problem enough, the domains that the phishing sites use update their DNS records every couple of seconds (a method called fast-flux DNS addressing), so every time you go to that domain, you're actually contacting a different IP address. That way, it isn't possible to block a small number of IP addresses at the local level.

As they say, 'interesting times'.

Used tags: botnet, fast_flux, hosting, infosec, malware, phishing, storm_worm, websites

Fight Spam! Click Here!

Trackback link:

No comments recorded.

Name:			Remember personal info? Yes No
Email:
URL:
Comment:		/ Textile
(Register your username / Log in)
Notify: Yes, send me email when someone replies. Hide email: Yes, hide my email address.
Small print: All html tags except <b> and <i> will be removed from your comment. You can make links by just typing the url or mail-address.