Harnig Botnet Goes Underground Following Rustock Shutdown
According to investigators from the security company FireEye, Harnig, a very large botnet used to distribute Rustock and other malicious software, appears to have been shut down.
Harnig (a.k.a. Piptea) runs pay-per-install schemes on a widespread basis: it first infects computers, then downloads and installs various other types of malicious software onto those PCs.
Other malware owners who hire the service pay Harnig's masters just a few cents for every computer. However, in the case of networks used for pay-per-install schemes, it may be impossible to determine the kind and volume of the malware dropped.
What matters is who is paying the botnet's masters and when. The relationship between Rustock and Harnig, however, is quite different. The two botnets have been associated for a long time. Over the past 24 months, Rustock has spread via Harnig nearly every time. Rarely has Rustock used any other infection medium or pay-per-install network to multiply and spread itself.
Furthermore, FireEye says, Harnig's infrastructure was much broader than Rustock's. For instance, some 45% of Harnig's C&C servers were based in Russia, while 4% were in China. Both countries are understood to have highly bulletproof hosting services.
Additionally, Harnig had a client list that was much longer than Rustock's. According to FireEye, Harnig was observed distributing PC trojans such as Ertfor, Zbot or SpyEye.
FireEye noted, however, that immediately following the shutdown, Harnig's masters wiped out every C&C server of the botnet.
Remarking on this development, Atif Mushtaq, Security Research Engineer at FireEye, stated that he was extremely astonished by it. Blog.fireeye.com reported this on March 22, 2011.
Mushtaq further stated that the Harnig botnet was apparently at no immediate risk, as nobody was really considering taking it down. However, since the Rustock and Harnig bot-herders were extremely closely associated, an attack against Rustock alarmed the operators of Harnig, which prompted them to become inactive for some time, the research engineer added. Softpedia.com reported this on March 23, 2011.
» SPAMfighter News - 04-04-2011