Botnet of Zombie Linux Servers Distributes Malware

According to Denis Sinegubko, an independent security researcher based in Magnitogorsk, Russia, cyber criminals have compromised several Linux servers to distribute malware to Windows computers, as reported by TheRegister on September 14, 2009.

Giving details of the finding, Sinegubko explains that all the hijacked systems examined so far are dedicated or virtual dedicated servers, each running a genuine website.

Sinegubko writes that the alleged attack involves several long-expected web servers that have been compromised to build a network of 'zombies.' This network is a collection of compromised web servers joined together under a common command-and-control system that issues instructions for malware distribution. He adds that the attack is made more complicated by linking the 'network of zombies' to another botnet made up of infected household PCs, as reported by TheRegister on September 12, 2009.

Meanwhile, the discovery underlines how bot herders keep searching for novel methods to send commands to their numerous zombies.

This novel bot-herding technique was uncovered when malicious links posted on the Chinese Internet were replaced with dynamic DNS (Domain Name System) names available from No-IP.com and DynDNS.com. The compromised web servers then register with the dynamic DNS services using specific host names containing their Internet Protocol address.

Sinegubko says in a separate statement that the DNS services have removed over 100 host names that were listed in their databases. However, the botnet herders seem to be acting fast and registering hijacked web servers under fresh names, as reported by Honline on September 14, 2009.

While it isn't clear how the servers were compromised, Sinegubko assumes the infections are the result of careless administrators who let unauthorized parties sniff their passwords. The web servers were hijacked with attacks which, after injecting rogue iframes into websites hosted on the servers, employed stolen FTP (File Transfer Protocol) passwords.

Finally, the researcher states that although No-IP.com and DynDNS.com have shut down the domains found so far, he is still identifying roughly two fresh IPs every 60 minutes, which suggests the campaign might not end here. Sinegubko has so far identified 77 IP addresses.
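A defender-side check for the pattern described above, as an added example that is not from the original article or from Sinegubko: it scans a page's HTML for iframes whose host falls under a dynamic DNS zone. The zone list, the function and class names and the sample HTML are assumptions constructed for illustration; substitute the providers' current zone lists.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: illustrative zones offered by the two providers named above.
DYNDNS_SUFFIXES = ("dyndns.org", "no-ip.org", "no-ip.info")


class _IframeCollector(HTMLParser):
    """Collects the src attribute of every <iframe> start tag."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":  # HTMLParser lower-cases tag and attribute names
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())


def find_dyndns_iframes(html, suffixes=DYNDNS_SUFFIXES):
    """Return (host, src) pairs for iframes served from a dynamic DNS zone."""
    collector = _IframeCollector()
    collector.feed(html)
    hits = []
    for src in collector.sources:
        # urlparse handles http://, https:// and protocol-relative //host URLs
        host = (urlparse(src).hostname or "").rstrip(".")
        if any(host == s or host.endswith("." + s) for s in suffixes):
            hits.append((host, src))
    return hits


# Constructed sample page: legitimate embeds plus one injected iframe.
SAMPLE = """
<html><body><h1>Shop</h1>
<iframe src="https://video.example.com/embed/1"></iframe>
<IFRAME SRC="http://Host-Placeholder.DynDNS.org/index.php" width=1 height=1></IFRAME>
<iframe src="/local/widget.html"></iframe>
<iframe src="//notdyndns.org/x"></iframe>
</body></html>
"""

if __name__ == "__main__":
    for host, src in find_dyndns_iframes(SAMPLE):
        print(f"suspicious iframe -> {host} ({src})")
```

Matching on a full label boundary keeps look-alike domains such as `notdyndns.org` out of the results, and relative iframe sources are ignored because they have no host.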

» SPAMfighter News - 02-10-2009
