Arbor Networks Researchers Find U.S.-based DDoS Botnet

The botnet has several methods of infection, including USB devices, Microsoft’s MSN service, Yahoo’s Messenger instant messaging service, and a torrent file. Once a system has been infected, the botnet downloads and installs itself onto the computer. It updates itself with the latest instructions from a remote command and control server and scans the host computer to detect what applications are installed. It also randomly removes arbitrary programs, Nazario said.

The bot can detect if tools such as Commview, TCPView and Wireshark are installed on the system. These tools allow the user to examine and analyze packets and network traffic. Skunkx also detects virtualization platforms such as QEMU for Linux, VMWare for Windows and VirtualPC for Mac OS X. It can also steal login credentials that Mozilla applications store in a SQLite database, according to Nazario.

Remarkably, the bot examines the infected system for other botnets and either disables or takes them over. Is it surprising that the hosts may unknowingly host and share multiple botnets with their MSN and Yahoo friends?

via Arbor Networks Researchers Find U.S.-based DDoS Botnet – Security – News & Reviews – eWeek.com.
