Title: Botnet of "Byzantine Complexity" Uncovered
Post by: don on May 06, 2008, 09:59:57 AM

Wouldn't you think that by now open relays on email servers would be a thing of the past?
Quote
Researchers at an Eastern European security company have uncovered a spam-sending scheme of "Byzantine complexity" that attempts to use military and university email servers to send junk email.

The discovery by Romania-based BitDefender came after the company identified spam e-mails that claimed to contain links to videos. When users clicked the link to view the video, however, they were prompted to download a media player, which actually was Backdoor.Edunet.A, a trojan that uses victims' compromised computers as a channel for sending commands to a series of mail servers.

The Edunet backdoor creates a botnet used to attempt to send spam via a list of mail servers, BitDefender said in an online posting available here. The mail servers are mostly in the .edu and .mil domains.

"It's not every day that you stumble on the workings of an honest-to-God hacking ring, let alone one that has a predilection for using military- and university-run mail servers as spam relays," Sorin Dudea, BitDefender's head of antivirus research, wrote in the online posting. "It would be interesting to identify what, if anything, the institutions that own the targeted servers have in common."

The trojan sends the commands hoping to find an open relay -- a mail server misconfiguration that spammers often use to camouflage the origins of their spam. This technique essentially makes it appear that any email originating from the trojan is in fact one sent from the open relay, according to BitDefender.

The list of servers is retrieved by the trojan from a series of web servers that are compromised themselves or part of the attackers' own network, according to BitDefender. The list of web servers is continuously changing, but that of the targets has, so far, remained constant, the company said.

BitDefender researchers said that none of the servers in the current target list is actually vulnerable.
Original story: http://www.scmagazineus.com/Byzantine-botnet-uses-military-education-servers-for-spam/article/109731/

Don

Title: Re: Botnet of "Byzantine Complexity" Uncovered
Post by: ElCapitan on May 18, 2008, 08:57:59 PM

I do wonder these days what MTA installs with open relay enabled. :o
Symantec's finding is rather surprising though: The average lifespan of a bot-infected computer during the last six months of 2007 was four days, unchanged from the first half of 2007. Those bots probably pump a lot of SPAM if they live just four days.

Title: Re: Botnet of "Byzantine Complexity" Uncovered
Post by: shakuni on May 25, 2008, 10:41:31 AM

Quote
The average lifespan of a bot-infected computer during the last six months of 2007 was four days, unchanged from the first half of 2007.

I don't agree. The "average life span" depends on the knowledge of the computer or network admin. I remember reading somewhere (probably in "Firewalls and Internet Security") that this hacker, when he came out of jail after a few years, found that the backdoors in the computers that he planted before going to jail were still there.