Archive for the ‘Botnets’ Category

Spare the environment, spare yourself

July 14th, 2008

It’s hard these days not to be aware of global warming. It already affects millions of people and is going at an alarming pace.
Recently, I was reading an article from a computer magazine, titled something like “Go green”. In this article they looked at how much energy computers use and whether any of their parts could be recycled. That was an interesting reminder that most of today’s electronics are big energy suckers. Also, our society’s way of consuming electronics has changed drastically over the past 50 years. It used to be that you would buy a television that would last you years. Nowadays, the life span of most of our electronics is very short. Of course there is a reason behind it. It’s not in the manufacturers’ best interest to make a product that will last a lifetime. And of course, technology changes constantly, and along with aggressive marketing, peer pressure and the like, you have to have the latest thingy.

Anyway, I could go on and on about this, but it wouldn’t really help much, would it? Now, as far as our energy consumption goes, there are many things we can and probably should do. Back in the 80’s and 90’s, people were advised to leave lights on (apparently it cost more to start a light than to leave it on all night). I’m not too sure about that one. Today however, there is a general consensus to turn appliances OFF when you are not using them. I couldn’t agree more with that statement. There is also another reason why you should do it, and this has to do with malware attacks (finally ;-) )

In today’s malware threats, botnets are the big topic. They are groups of zombie computers that participate in illegal activities. Zombie computers are anybody’s PCs, which happen to be infected and controlled by hackers. You may not know it, but chances are that your computer is sending out spam while you’re sleeping at night. Hackers can detect if a computer is idle and launch a task, instead of risking the chance of being exposed while you are on it. (why are my hard drive and modem lights going insane?).
Or your computer may be used as storage for child pornography: the hacker is safe, but you’re not if the authorities raid your house and discover illegal material on your PC.

Anytime your computer is online, you are at risk of being attacked. Contrary to some beliefs, you don’t have to be downloading stuff or surfing the web for something bad to happen. Also, if your machine is already infected, it will gladly enjoy having 100% free resources again after you leave.

For the sake of the environment and for your own protection, it makes sense to turn the PC off when you’re not using it. It’s a hacker’s worst nightmare to see his bot-infected machines go offline: suddenly he can’t control them anymore, and his chance of harming you and other people goes down.

JSegura


Up close with a Bot

May 27th, 2008

During our malware investigations we come across some interesting things. Today, we will discuss the case of an IRC bot.

First of all, let’s start by defining what we are talking about. A bot is an infected machine (running a malicious backdoor program) which can be controlled by a hacker through a command and control infrastructure. A botnet is a network of such infected machines.

Bots can be used for multiple purposes: one can use them to host malware, send spam, or combine them to launch DDoS (distributed denial-of-service) attacks, typically to bring down a server.

What usually happens is that a computer gets infected by a drive-by download. In most of the cases we have seen, it is a Trojan downloader whose purpose is to contact a server and install a malicious backdoor. This program gives the hacker (also known as the bot herder) full control over the PC, which is now a bot.
The bot connects to an IRC (Internet Relay Chat) server where it identifies itself. For example, it will send a message to the hacker saying: “I’m a Windows XP machine with a broadband connection, my IP address is …… etc.”. The hacker can control the bot by sending it instructions via the IRC channel.
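As an added illustration (not code from the original post), here is a defender-side Python script that looks for the check-in pattern just described in IRC traffic exported from a capture: a nick that encodes OS, country and a random id, a join to a key-protected channel, and a first channel message reporting system details. The sample lines, addresses, nicks and channel names are constructed for this example.

```python
import re

# Constructed sample: outbound IRC lines exported from a packet capture, in the
# form "src_ip dst_ip dst_port <IRC command line>". Addresses, nicks and
# channel names are made up for this example.
SAMPLE_LINES = [
    "192.168.1.20 203.0.113.5 6667 NICK [XP|USA|84213]",
    "192.168.1.20 203.0.113.5 6667 USER xpuser 0 * :xpuser",
    "192.168.1.20 203.0.113.5 6667 JOIN #bots somekey",
    "192.168.1.20 203.0.113.5 6667 PRIVMSG #bots :[INFO]: Windows XP, uptime 14h, 1024 Kbps",
    "192.168.1.31 198.51.100.9 6667 NICK alice",
    "192.168.1.31 198.51.100.9 6667 USER alice 0 * :Alice",
    "192.168.1.31 198.51.100.9 6667 JOIN #linux",
    "192.168.1.31 198.51.100.9 6667 PRIVMSG #linux :hi all",
]

IRC_PORTS = {6665, 6666, 6667, 6668, 6669, 7000}
# Bot nick templates such as [XP|USA|84213] or 2K-DEU-5512:
# an OS tag, a country tag and a random id.
BOT_NICK = re.compile(r"^\[?[A-Z0-9]{2,5}[|\-][A-Z]{2,3}[|\-]\d{3,}\]?$")
# A first channel message that reports the machine's OS, uptime or bandwidth.
SYSINFO = re.compile(r"Windows|uptime|Kbps|Mbps", re.IGNORECASE)

def parse_line(line):
    """Split one exported line into (src, dst, port, command, args)."""
    src, dst, port, irc = line.split(" ", 3)
    cmd, _, args = irc.partition(" ")
    return src, dst, int(port), cmd.upper(), args

def score_sessions(lines):
    """Return {(src, dst): [reasons]} for every session on an IRC port."""
    reasons = {}
    for line in lines:
        src, dst, port, cmd, args = parse_line(line)
        if port not in IRC_PORTS:
            continue
        hits = reasons.setdefault((src, dst), [])
        if cmd == "NICK" and BOT_NICK.match(args):
            hits.append("nick encodes OS/country/id")
        elif cmd == "JOIN" and len(args.split()) > 1:
            hits.append("joined a key-protected channel")
        elif cmd == "PRIVMSG" and SYSINFO.search(args.partition(":")[2]):
            hits.append("reported system info to the channel")
    return reasons

def flag_bot_sessions(lines, threshold=2):
    """Sessions with at least `threshold` indicators look like bot check-ins."""
    return {k: v for k, v in score_sessions(lines).items() if len(v) >= threshold}
```

A single indicator is weak on its own (a human can pick an odd nick), so the script only flags a session once several of them line up.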

At this point the PC is owned by the hacker and can be participating in illegal activities. Hackers will gather hundreds of thousands of bots to launch massive spam campaigns or DDoS attacks.

After the theory, let’s see a real-life example. We found this PHP IRC bot configuration file that describes the main commands used by a hacker to control a bot. Here are some screenshots:


Configuration of the Bot server.


Commands available to the Bot Master.

As you can see, it is frightening how much a hacker can do with a compromised PC. Malware authors are aware of the power of combined computers to generate money or launch a cyber attack. The other scary thing is that most people are not aware that their PC is part of a botnet. Our recommendations to our readers are to scan their PC regularly and to shut it down when they are not using it. Once the power is turned off, the hacker loses the machine, that is until the next time it restarts ;-)

JSegura


Jerome Segura is a Security Analyst working at ParetoLogic.
© 2009 ParetoLogic Inc.