Newly-Discovered Murofet Botnet Accredited With Greater Danger
According to Damballa's Marshall Vandergrift and Sean Bodmer, botnet experts, the latest variant of the Zeus botnet namely Murofet, is potentially more risky compared to what was thought earlier. DarkReading.com published this on November 9, 2010.
State Vandergrift and Bodmer, ever-since Murofet appeared, they've been watching its activities. However, only when they examined the domains, which came to their notice, in a more elaborate way, that they managed arranging the bits of information together.
Writing in their personal website, the experts say that considering the operations, as a whole, of the earlier algorithm of domain generation, it is evident that Murofet's existence has been for long as opposed to what many doubted at first. Also, Damballa has been regularly monitoring the botnet starting early August 2010, they blog. Damballa.com reported this on November 8, 2010.
Moreover, Damballa may accredit a few of Murofet's victimized Internet Protocols with infections from Zeus before August 11, 2010 that may show that there had been redirection of the bots from botnet to botnet. Such redirection is normally done to increase the victimized asset's utility, to expand its lifespan, and to bypass identification. Nevertheless, more study is needed towards ascertaining any association of Murofet with the earlier infections by the Zeus bot as well as the release of Murofet in the wild, remark Vandergrift and Sean Bodmer in their special site.
Here, it may be interesting to know that experts aren't associating Murofet merely with Zeus. Recently Websense, another security company observed that a few traits of Murofet resemble those of Conficker. Accordingly, the greatest resemblance among the two is their utilization of an already fixed algorithm for apparently producing arbitrary domain names daily as well as trying to have fresh updates by summoning those domains. And here, the two's resemblances finish.
Eventually, it can be said that Murofet's appearance may result in additional botnet infections that Microsoft the software giant has been cleaning during H2-2010. In Q2-2010 (April-June 2010), Microsoft cleaned 6.5 million computers infected with Murofet, twofold that of H1-2010, Microsoft highlights in its "Microsoft Security Intelligence Report vol. 9" for January-June 2010.
» SPAMfighter News - 17-11-2010