
Arbor Networks Spotted a New Botnet Group

Arbor Networks, a security firm, recently released research highlighting the arrival of a completely new group of botnets on the hacker scene.

Notably, hackers and other cyber-criminals employ botnets to distribute spam, capture passwords and launch Distributed Denial-of-Service (DDoS) attacks that inundate users' servers with unwanted data. Often these botnets, i.e., armies of zombie PCs, are hired out as criminal Software-as-a-Service (SaaS) to intermediaries who are commonly recruited via Internet discussion boards.

The report reveals that "White Lotus", the new bot network, does not seem to be modular; however, the grammar it uses is similar to that of BlackEnergy v2. By way of explanation, BlackEnergy 2 (BEv2) relies on modern rootkit and process-injection methods, and uses strong encryption along with a modular design. While the earlier BE kit had a crude Trojan that concealed the malware's process and executable file, the second version of BE is a lot more advanced.

However, according to Jose Nazario, Security Researcher at Arbor Networks, White Lotus does not make use of encryption, as reported by Infosecurity.com on April 9, 2010. Nazario explains that the malicious network normally plants its bot in the form of a Windows .exe file.

Moreover, to make sure the malware becomes active when the computer starts up, the bot opens a registry entry in no fewer than two locations.

Further, according to the security firm, White Lotus can launch DDoS attacks as well as handle downloads. Analysis of its bot discloses that it is a Microsoft Visual Basic binary packed with Ultimate Packer for eXecutables (UPX), which plants another binary containing a 13-position "Caesar shift."
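A 13-position Caesar shift is ROT13, so strings hidden this way can be recovered during static triage of an unpacked sample. The following is an added example, not code from Arbor Networks or from the report: it assumes the shift is applied to embedded ASCII strings (the article does not say what is shifted), and the marker list and sample bytes are constructed for illustration.

```python
import codecs
import re

# Generic triage keywords chosen for this example; they are not IoCs from the report.
MARKERS = ("http://", "https://", "\\currentversion\\run", ".exe", "user-agent")

# Runs of six or more printable ASCII bytes, as the `strings` utility would extract.
ASCII_RUN = re.compile(rb"[\x20-\x7e]{6,}")


def printable_strings(blob: bytes):
    """Yield (offset, text) for each run of printable ASCII in the blob."""
    for match in ASCII_RUN.finditer(blob):
        yield match.start(), match.group().decode("ascii")


def find_rot13_strings(blob: bytes):
    """Return strings that only reveal a marker after a 13-position shift."""
    hits = []
    for offset, raw in printable_strings(blob):
        decoded = codecs.decode(raw, "rot13")  # shifts letters only
        for marker in MARKERS:
            # Require the marker to be absent before decoding, so ordinary
            # plaintext URLs and paths are not reported as obfuscated.
            if marker in decoded.lower() and marker not in raw.lower():
                hits.append({"offset": offset, "raw": raw,
                             "decoded": decoded, "marker": marker})
                break
    return hits


def _rot13_bytes(text: str) -> bytes:
    return codecs.encode(text, "rot13").encode("ascii")


# Constructed sample bytes standing in for an unpacked binary (not real malware data).
SAMPLE = (
    b"MZ\x90\x00\x03\x00"
    + b"This program cannot be run in DOS mode.\x00"
    + _rot13_bytes("http://placeholder.example/path") + b"\x00\x01\x02"
    + _rot13_bytes("Software\\Microsoft\\Windows\\CurrentVersion\\Run") + b"\x00"
    + b"kernel32.dll\x00"
)

if __name__ == "__main__":
    for hit in find_rot13_strings(SAMPLE):
        print(f"0x{hit['offset']:04x}  {hit['raw']!r} -> {hit['decoded']!r}")
```

Because the sample described is UPX-packed, a scan like this is only meaningful on the unpacked or dropped binary.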

Nazario writes in his blog post that once the analysis is over, it will become visible to end-users that White Lotus supports proxy features too.

He states that, apart from being a typical Hypertext Transfer Protocol (HTTP) DDoS malware, White Lotus is seemingly in limited distribution, with only a few new servers and samples.

Finally, it's not just the White Lotus botnet that Arbor Networks has detected recently. During the first week of April, the company detected TT-Bot as well, which is also an HTTP DDoS malware with seemingly limited use.


» SPAMfighter News - 22-04-2010
