Conflicker information and links - distribute widely!

As you have probably heard on the news a new beastie has been making its rounds on the Net, infiltrating Windows machines and awaiting the coming of the first of April - April Fool's Day. Unfortunately, like Y2k and the Michaelangelo virus, there is an incredible amount of misinformation out there making this worm out to be The End of the Net As We Know It - to hear some of the chatterbots talking heads, the milk in your fridge could curdle and your cat will marry your dog if your workstation gets infected. To be fair, nobody's sure of what Conflicker …

Read more...

The Storm Worm turns one year old.

The Washington Post ran an interesting article about the one-year anniversary of the release of the Storm Worm botnet agent about two weeks ago, possibly the most successful and virulent malware agent yet released on the Net. The Storm Worm beastie is unusual in that the botnet is a decentralized collective, i.e, all of the infections don't report into a single C&C channel but instead use a peer-to-peer networking protocol (a variant of the eDonkey protocol, specifically), so it can't be killed by taking down a single server. It is also interesting because updates are periodically released for …

Read more...

The Storm Worm botnet learns some new tricks - like phishing.

Scarcely one year after the initial appearance of the Storm Worm and its resulting botnet, some heretofore untapped functionality's been pushed out in one update or another in just the past couple of days: Not only is the botnet sending out phishing-related spam but the phishing sites are hosted on the infected machines themselves. The information security community is speculating that it may now be possible for the controller of the botnet to partition it and assign different tasks to different segments of the infected net.population. As if that weren't problem enough, the domains that the phishing sites use …

Read more...

Source code to Javascript botnet agent leaked!

Remember the software that Billy Hoffman demo'd at Shmoocon 2007 - the Javascript that turns any capable web browser into a zombie?

One Mike Schroll snagged a copy while in the audience and posted it to his website. From there, about 100 somebodies downloaded copies, which no doubt have spread farther.

You can bet that this is going to find illicit use soon. For Firefox users, I strongly suggest that you look into installing a plug-in called NoScript, which lets you decide whether or not to execute the Javascript embedded in a particular web page.

As always, read the documentation.

Cross-platform droneware: Bots written in Javascript.

Billy Hoffman of the security outfit SPI Dynamics unveiled the fruits of his research at Shmoocon last weekend (which I'm still miffed about not being able to attend), botnet software written in Javascript that runs on any modern web browser. His prototype botnet agent is called Jikto, and it searches for cross-site scripting vulnerabilities in websites after beginning execution when the user looks at a malicious website or e-mail message. Periodically, it will phone home with vulnerable URLs and details of same. This means that even Net-capable cellphones can unwittingly be turned into botnet members.

Javascript can hypothetically be dropped …

Read more...