Differently Structured Botnets Cooperate for Better Survival of Malware
Information collected about 'Kneber' (a recently found botnet) reveals an interesting phenomenon: if a computer is infected several times with different malware, the infections can join up to form an advanced mechanism that improves the survival rate of all the malware.
Kneber is gigantic. Its zombie PCs total some 74,000 and are located in 2,400 organizations. This sheer magnitude drew industry attention following Kneber's discovery. But its method of communication with other botnets indicates that their relationships ultimately help each malicious network become more resilient to dismantling, says Alex Cox, senior consultant at NetWitness and discoverer of Kneber, as reported by ComputerWorld on February 18, 2010.
Kneber was built with ZeuS, a highly prevalent toolkit for assembling bots. According to security researchers, Kneber is one of the botnets constructed with the toolkit.
Cox further indicated that more than 50% of the compromised computers within the Kneber network were also infected by other malicious programs that employed different command-and-control (C&C) structures, as reported by Ecommerce Journal on February 22, 2010. According to Cox, if any one botnet was deactivated, the other would be used to rebuild it.
The consultant writes in his assessment of Kneber that a minimum of two different botnets with separate C&C structures can provide fault tolerance and recoverability in case one C&C infrastructure is deactivated.
In Kneber's case, over 50% of the bots were infected by two botnets - 'Waledac' and 'ZeuS.' Although Cox isn't sure whether they are operated jointly, he isn't ruling out the possibility. If the ZeuS C&C mechanism is disabled, the ZeuS botnet's owner could contact Waledac's operator and pay to have his botnet deliver an upgraded ZeuS, which would bring back ZeuS bots that take commands from a fresh server.
Furthermore, the fact that Waledac and ZeuS coexist suggests that they have common objectives of resistance and survival, along with the potential for more intense cross-crew cooperation within the secretive world of cybercrime.
» SPAMfighter News - 04-03-2010