Old Botnet SDBOT Continues to Haunt Users
SDBOT, an old botnet, still exists and is currently stealthily disseminating pay-per-install scams, according to a new research paper released on December 11, 2009.
SDBOT is an Internet Relay Chat (IRC)-based botnet that first appeared in 2004. The infections caused by this low-profile botnet usually go unnoticed.
It is noted that IRC botnets have gradually been fading, giving way to stealthier and more robust botnets that employ peer-to-peer communications or HTTP to control infected systems. However, botnets like SDBOT, which use IRC, perform their task almost silently, according to Trend Micro.
The security firm said that this bot malware is neither a resource hog nor a heavy e-mail spammer. It barely ever interrupts normal computer activities such as Internet browsing; consequently, its victims seldom come to know that their systems have been compromised.
It appears that cybercriminals hire the reach and download capability of this botnet, according to the researchers at Trend Micro. The pay-per-install business model is easy to use, and hence it is increasingly put into practice: a botnet owner is paid to install malware on infected computers. For example, to easily push FAKEAV files to computers, their author pays the SDBOT gang, which already possesses an IRC botnet and remotely controls thousands of compromised systems.
Cyber goons either want to increase the number of users they attack or are willing to distribute spammed e-mails to serve various other motives. Instead of launching its own focused assaults, the SDBOT gang has for the longest time been handling business requests from others, such as installing CUTWAIL, KOOBFACE, FAKEAV and other malware variants on its compromised bots, Trend Micro's report reveals.
Trend Micro also explained why SDBOT uses IRC technology. The main reason is that botnets which use IRC have gradually given way to more sophisticated botnets such as Pushdo, Koobface, Zeus, and Waledac. These high-profile botnets are regularly under researchers' observation.
The best way to avoid becoming a target of a botnet and being infected with SDBOT malware is not to click on links sent through IM applications. Users must update security applications at regular intervals and also avoid opening unsolicited e-mails and spam.
» SPAMfighter News - 23-12-2009