4 million strong Alureon P2P botnet “practically indestructible”

By Mike S

Botnets are becoming quite competitive, with designers now working to remove competing bots on machines they are trying to infect.

Please do the needful – practice safe browsing, and keep your computer clean.

TDL-4 has been specifically designed to avoid destruction—whether by law-enforcement, anti-virus software, or competing botnets. On installation, TDL-4 will remove other rootkits, an act which both deprives competing operators of income and reduces the chance that the user will notice that their system is behaving strangely and attempt to repair it. The goal of a rootkit is to remain undetected, and that includes noticing that a computer simply isn’t behaving correctly.

[...]

The most significant feature, however, is the inclusion of peer-to-peer technology in the latest version of the botnet’s code. The rootkit uses the Kad peer-to-peer network, used by filesharing software eMule, to communicate between nodes. Using Kad, the botnet creates its own network of infected computers, allowing the machines to communicate with each other without relying on a central server.

via 4 million strong Alureon P2P botnet “practically indestructible”.

Category: Security | No Comments | Date: July 1st, 2011

Arbor Networks Researchers Find U.S.-based DDoS Botnet

By Mike S

The botnet infection has several methods of infection, including USB devices, Microsoft’s MSN service, Yahoo’s Messenger instant messaging service, and as a torrent file. Once a system has been infected, the botnet downloads and installs itself onto the computer. It updates itself with the latest instructions from a remote command and control server and scans the host computer to detect what applications are installed. It also randomly removes arbitrary programs, Nazario said.

The bot can detect if tools such as Commview, TCPView and Wireshark are installed on the system. These tools allow the user to examine and analyze packets and network traffic. Skunkx also detects virtualization platforms such as QEMU for Linux, VMWare for Windows and VirtualPC for the MacOS X. It can also steal login credentials that Mozilla applications store in a SQLite database, according to Nazario.

Remarkably, the bot examines the infected system for other botnets and either disables or takes them over. Is it surprising that the hosts may unknowingly host and share multiple botnets with their MSN and Yahoo friends?

via Arbor Networks Researchers Find U.S.-based DDoS Botnet – Security – News & Reviews – eWeek.com.

Category: Security | No Comments | Date: March 16th, 2011

WikiLeaks Supporters’ Attacks Show Power of Opt-in Botnets

By Mike S

People voluntarily joining together for a common cause can wield considerable power.

Behind those reports, though, is the growing issue of opt-in botnets powered by users who intentionally install software to take part in cyber-attacks. The concept is not new, but such botnets are increasingly being used as a vehicle of protest by hacktivists looking to voice their displeasure.

“Opt-in botnets are a different breed of threat,” said Gunter Ollmann, vice president of research at Damballa, who recently wrote a paper on the issue (PDF). “While criminal botnets require the invisible and unauthorized installation of a malware agent – which is generally illegal in most Western countries – ‘choosing’ to install the software and consenting to be part of a distributed platform is fine.”

via WikiLeaks Supporters’ Attacks Show Power of Opt-in Botnets – Security – News & Reviews – eWeek.com.

Category: Security | No Comments | Date: December 10th, 2010

Botnet for Sale Business Going Strong, Security Researchers Say

By Mike S

Destroying your network can be a profitable business. Please make sure none of your machines are part of someone else’s botnet.

From spamming to harvesting data, botnets are a hot commodity for attackers. But as the Iranian Cyber Army’s decision to sell access to its botnet shows, hawking access to compromised computers can be profitable too.

The price of a botnet depends on a number of factors. The first is size, noted Imperva Senior Security Strategist Noa Bar Yosef. Beyond that, it often depends on what type of attack is being planned, the length of the attack, the target and its geo-location.

“Although a rental is based on a multitude of factors as stated above, to give some ballpark figures,” she said. “A 24-hour DDoS [distributed denial of service] attack can be anything from a mere $50 to several thousand dollars for a larger network attack. Spamming a million emails, given a list, ranges (from) $150-$200…a monthly membership for phishing sites is roughly $2,000.”

via Botnet for Sale Business Going Strong, Security Researchers Say – Security from eWeek.

Category: Security | No Comments | Date: October 25th, 2010