RSA Warns of Increased Fast-Flux Botnet Activity
Leading security provider RSA has reported a rise in the use of advanced methods to conceal the command and control of bots in compromised computer networks. However, Cambridge University scientists have challenged the statement, saying that fast-flux usage has been ongoing throughout the past year.
Cambridge University's scientist and Chairman of the Anti-Phishing Working Group concurred on conventional phishing methods, as reported by InfoWorld at the beginning of March 2008.
They maintained that these methods still flourish despite the best efforts of Webmail hosting firms and ISPs (Internet Service Providers) to remove as many malicious unsolicited e-mails as possible. However, phishers continue to use the fast-flux framework to avoid detection and are carrying out targeted attacks that have grown in expertise and quality.
In the meantime, security analysts describe fast flux as a DNS method in which bot herders constantly shift the location of a Web, message or DNS server from one PC to another so that it can covertly continue its malicious activities, such as spamming or phishing.
On March 17, 2008, RSA stated that the method is generally used by the remote controllers of the Storm worm botnet and is currently being used by almost three other compromised computer networks, as reported by ZDNet Australia on March 19, 2008.
Although RSA declined to identify the botnets or the groups concerned, RSA's Senior Researcher, Uriel Maimon, told ZDNet.co.uk that the company had lately observed a group applying a blend of fast-flux DNS to spread command and control and the diversion of all botnet traffic through proxy servers to hide the compromised computer networks.
Meanwhile, another renowned security expert, Jose Nazario of Arbor Networks, said that he has been independently tracking almost a hundred fast-flux botnet domains, along with colleagues who are also following over 1,000 other such domains that were thriving mainly among spammers and phishers, as reported by darkREADING in the second week of March 2008.
However, experts from Cambridge University have disputed RSA's assertions, saying that the fast-flux sites they have been tracking for phishing attacks are a leased service for which users have to pay the host.
Cambridge University experts follow domain links in unsolicited e-mails in an attempt to track them. The experts say that links to fast-flux servers automatically uncover several IP addresses, as reported by ZDNet Australia on March 19, 2008.
» SPAMfighter News - 27-03-2008