
Botnet of "Byzantine Complexity" Uncovered


don

Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Tue May 06, 2008 9:59 am

Botnet of "Byzantine Complexity" Uncovered

Wouldn't you think that by now open relays on email servers would be a thing of the past?

Researchers at an Eastern European security company have uncovered a spam-sending scheme of "Byzantine complexity" that attempts to use military and university email servers to send junk email.

The discovery by Romania-based BitDefender came after the company identified spam e-mails that claimed to contain links to videos. When users click the link to view the video, however, they were prompted to download a media player, which actually was Backdoor.Edunet.A, a trojan that uses victims' compromised computers as a channel for sending commands to a series of mail servers.

The Edunet backdoor creates a botnet used to attempt to send spam via a list of mail servers, BitDefender said in an online posting available here. The mail servers are mostly in the .edu and .mil domains.

"It's not every day that you stumble on the workings of an honest-to-God hacking ring, let alone one that has a predilection for using military- and university-run mail servers as spam relays," Sorin Dudea, BitDefender's head of antivirus research, wrote in the online posting. "It would be interesting to identify what, if anything, the institutions that own the targeted servers have in common."

The trojan sends the commands hoping to find an open relay -- a mail server misconfiguration that spammers often use to camouflage the origins of their spam. This technique essentially makes it appear that any email originating from the trojan is in fact one sent from the open relay, according to BitDefender.

The list of servers is retrieved by the trojan from a series of web servers that are compromised themselves or part of the attackers' own network, according to BitDefender. The list of web servers is continuously changing, but that of the targets has, so far, remained constant, the company said.

BitDefender researchers said that none of the servers in the current target list is actually vulnerable.


Original story:
http://www.scmagazineus.com/Byzantine-b ... le/109731/

Don
CISSP, MCSE, CSTA, Security+ SME
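As an added example (not part of the original post or of BitDefender's report), the decision a mail server makes at RCPT TO, with the open-relay misconfiguration the story describes placed beside a hardened policy; the trusted networks, local domain, IPs and addresses are constructed sample values.

```python
import ipaddress

# Constructed sample configuration (not from the thread): the networks
# this MTA relays for and the domains it delivers to locally.
TRUSTED_NETWORKS = [ipaddress.ip_network("192.0.2.0/24"),
                    ipaddress.ip_network("127.0.0.0/8")]
LOCAL_DOMAINS = {"example.edu"}


def _domain(address):
    """Return the lower-cased domain part of an SMTP address like <user@host>."""
    return address.rsplit("@", 1)[-1].strip("<>").lower()


def open_relay_rcpt(client_ip, recipient):
    """The misconfiguration: any client may send to any recipient."""
    return (True, "250 2.1.5 Ok")


def hardened_rcpt(client_ip, recipient, authenticated=False):
    """Relay policy a correctly configured MTA applies at RCPT TO.

    Accept when the recipient is in a local domain (final delivery), or the
    client sits inside a trusted network or has authenticated. Anything else
    is third-party relaying and is refused with a permanent error.
    """
    if _domain(recipient) in LOCAL_DOMAINS:
        return (True, "250 2.1.5 Ok")
    addr = ipaddress.ip_address(client_ip)
    if authenticated or any(addr in net for net in TRUSTED_NETWORKS):
        return (True, "250 2.1.5 Ok")
    return (False, "554 5.7.1 Relay access denied")


def relay_test(policy, client_ip, recipients):
    """Count how many RCPT TO commands the given policy accepts from client_ip."""
    return sum(1 for r in recipients if policy(client_ip, r)[0])


# Constructed session: an untrusted outside host (as an infected bot would be)
# tries one local recipient and two recipients in foreign domains.
BOT_IP = "203.0.113.7"
RCPTS = ["<staff@example.edu>", "<victim@example.com>", "<target@example.org>"]

if __name__ == "__main__":
    for name, policy in (("open relay", open_relay_rcpt), ("hardened", hardened_rcpt)):
        print(f"{name}: accepted {relay_test(policy, BOT_IP, RCPTS)} of {len(RCPTS)}")
```

The open policy accepts all three recipients; the hardened one accepts only the local address and refuses the two foreign domains, which is exactly the check an open relay lacks.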

elcapitan

Newbie

Posts: 28

Joined: Mon Apr 28, 2008 10:16 am

Post Sun May 18, 2008 8:57 pm

Re: Botnet of "Byzantine Complexity" Uncovered

I do wonder these days what MTA installs with open relay enabled. :o

Symantec's finding is rather surprising though:

The average lifespan of a bot-infected computer during the last six months of 2007 was four days, unchanged from the first half of 2007.


Those bots probably pump a lot of SPAM if they live just four days.
CISSP, Security+, CEH, OPP, et alii

shakuni

Jr. Member

Posts: 80

Joined: Sun Nov 04, 2007 2:24 pm

Post Sun May 25, 2008 10:41 am

Re: Botnet of "Byzantine Complexity" Uncovered

The average lifespan of a bot-infected computer during the last six months of 2007 was four days, unchanged from the first half of 2007.


I don't agree. The "average life span" depends on the knowledge of the computer or network admin. I remember reading somewhere (probably in "Firewalls and Internet Security") that this hacker, when he came out of jail after a few years, found that the backdoors he had planted in the computers before going to jail were still there.
There is no rule, law or tradition that applies universally... including this one.
