Botnet world

There was a big hit to the botnet world when Spamit.com closed shop and the gigantic Rustock botnet slowed down. Looking at the statistics, this made the year so far a happy one for anti-spammers. And just when it all looked quiet and nice, the well-known Donbot and Xarvester suddenly returned. Someone has clearly breathed new life into these spamming machines. Below you can see the activity of the well-known botnets.
Xarvester first came to attention a few years ago, when it was found to be one of the leading botnets, with close ties to giants such as Rustock. Let's take a look at Xarvester.
Aliases: Bybot, Rlsloop, Pixoliz
Features: encrypted C&C communication over HTTP on non-standard ports; XOR-encrypted template files that contain the several files needed for spamming; spam run results sent back to the control server; can upload a Minidump crash file
Spamming rate: 25,000 messages per hour per bot
Command and control: bestsolutions2010.info; def2010cnt.biz; port 12309 (may vary)
Malware behaviour on the host:

The spambot itself is relatively simple. When the executable is run, it first performs a query to checkip.dyndns.com to learn the public IP address of the host. The bot then connects to the def2010cnt[dot]biz domain on port 12309 and requests an encrypted file which, when decrypted, proves to be a container for the bundle of files the bot needs in order to spam (the XOR-encrypted template files listed above).
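The beacon sequence described above (an IP lookup against checkip.dyndns.com, then an HTTP request to the C&C domain on a non-standard port) is something a network defender can hunt for in egress logs. The script below is an added example, not code from the original post or from M86 Labs. It correlates constructed log lines in an assumed one-line-per-event format and flags hosts that perform the IP check and then, within a short window, either contact one of the C&C domains named in the post or speak HTTP on a non-standard port. It generalizes the fixed port 12309 to any non-standard port, since the post notes the port may vary. The log format, the sample lines, the ten-minute window, the set of "standard" ports and the 203.0.113.10:31337 destination are all assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Indicators taken from the post. The port is stated as "may vary", so the
# port check below is a generic "HTTP on a non-standard port" heuristic
# rather than a hard-coded 12309.
IP_CHECK_HOSTS = {"checkip.dyndns.com"}
CNC_DOMAINS = {"bestsolutions2010.info", "def2010cnt.biz"}
STANDARD_HTTP_PORTS = {80, 443, 8080}          # assumption: tune per environment
FOLLOW_UP = {"cnc_domain", "http_nonstd_port"}  # indicators that must follow the IP check

# Assumed (constructed) log format, one event per line:
#   <iso-timestamp> <src-ip> <dns|http> <dst>[:<port>] [detail]
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<proto>dns|http) "
    r"(?P<dst>[^:\s]+)(?::(?P<port>\d+))?(?: (?P<detail>.*))?$"
)

# Constructed sample lines, not real telemetry. 10.0.0.5 follows the sequence
# from the post; 10.0.0.11 does the IP check and then talks HTTP to an
# unlisted host on an odd port; 10.0.0.9 only does the IP check.
SAMPLE_LOG = """\
2011-06-05T10:00:01 10.0.0.5 dns checkip.dyndns.com
2011-06-05T10:00:02 10.0.0.5 http checkip.dyndns.com:80 GET /
2011-06-05T10:00:04 10.0.0.5 dns def2010cnt.biz
2011-06-05T10:00:05 10.0.0.5 http def2010cnt.biz:12309 GET /
2011-06-05T10:30:00 10.0.0.7 http www.example.com:80 GET /
2011-06-05T11:00:00 10.0.0.9 dns checkip.dyndns.com
2011-06-05T12:15:00 10.0.0.11 dns checkip.dyndns.com
2011-06-05T12:15:03 10.0.0.11 http 203.0.113.10:31337 GET /
"""


def parse_events(log_text):
    """Yield (timestamp, src, proto, dst, port) tuples; lines that do not match are skipped."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        port = int(m.group("port")) if m.group("port") else None
        yield (datetime.fromisoformat(m.group("ts")), m.group("src"),
               m.group("proto"), m.group("dst").lower(), port)


def classify(proto, dst, port):
    """Return the set of indicators a single event matches (possibly empty)."""
    tags = set()
    if dst in IP_CHECK_HOSTS:
        tags.add("ip_check")
    if dst in CNC_DOMAINS:
        tags.add("cnc_domain")
    if proto == "http" and port is not None and port not in STANDARD_HTTP_PORTS:
        tags.add("http_nonstd_port")
    return tags


def analyze(log_text, window=timedelta(minutes=10)):
    """Return {src_ip: set(indicators)} for hosts that did an IP check and then,
    within `window`, contacted a listed C&C domain or spoke HTTP on a
    non-standard port. An IP check on its own is benign and is not reported."""
    per_host = defaultdict(list)
    for ts, src, proto, dst, port in parse_events(log_text):
        tags = classify(proto, dst, port)
        if tags:
            per_host[src].append((ts, tags))

    flagged = {}
    for src, events in per_host.items():
        events.sort(key=lambda e: e[0])
        hits = set()
        for i, (t0, tags0) in enumerate(events):
            if "ip_check" not in tags0:
                continue
            for t1, tags1 in events[i + 1:]:
                if t1 - t0 > window:
                    break
                hits |= tags1 & FOLLOW_UP
        if hits:
            hits.add("ip_check")
            flagged[src] = hits
    return flagged


if __name__ == "__main__":
    for host, reasons in sorted(analyze(SAMPLE_LOG).items()):
        print(host, sorted(reasons))
```

Running it reports 10.0.0.5 and 10.0.0.11 and stays silent on the host that only resolved checkip.dyndns.com, which matters because plenty of legitimate software does that lookup; it is the IP check followed by odd-port HTTP that is the useful signal. Domain and port lists age quickly, so treat them as a starting point to refresh from current reporting rather than a fixed signature.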

I have been writing posts about botnets recently because I find them the biggest enemy in the computing world. I also can't imagine how people create such huge machines for their own purposes.
Reference: http://labs.m86security.com/

This entry was posted in IT Security, Week 23.
