Fortinet Reports Reappearance of Torpig Network of Bots
Fortinet, a major provider of network security, released its March 2011 Threat Landscape research in April 2011. According to the report, the Torpig botnet has re-emerged and was responsible for 30% of all fresh botnet activity. Reportedly, the majority of the Torpig C&C servers that were detected traced to Sudan and Russia.
In contrast, the Hiloti botnet was responsible for approximately 15% of fresh botnet traffic, most of which originated from Sweden and Australia.
Commenting on this development, Derek Manky, Senior Security Strategist at Fortinet, stated that the stubborn Torpig botnet had been in existence for years and that it characteristically spread via compromised websites hosting the Mebroot rootkit, which infected a computer straight from the MBR (master boot record). Marketwire.com published this in April 2011.
Manky stated that computers were frequently infected with multiple botnets or viruses, so they could keep on sending spam and stealing data even if one threat was eliminated.
Other botnets behind massive spam during March 2011 were Mariposa (3.59%), Pushdo (3.04%) and Waledac.Botnet (2.13%), ranking No. 3, 4 and 5 respectively.
Meanwhile, Bredolab.Botnet (1.76%), CMultiLoader (1.09%) and Bredolab (0.73%) ranked No. 6, 7 and 8 respectively, contributing to fresh spam traffic, according to Fortinet's report.
Furthermore, spam levels have remained 30% lower than the mean rate ever since the Rustock botnet was shut down during March 2011. But although spam rates continue to be low, there hasn't been any significant fall in the total number of computers dispatching spam. When the IP addresses of most of these computers were traced, the machines were found to be located in Brazil, the USA and India. The web domains that sent the most spam were globalrxgift.ru and globalrxgeo.ru, both the most spam-generating domains in Russia, which resolved to various Chinese servers.
Meanwhile, with spammers and bot-masters functioning prolifically within the cyber-crime world, a natural question is whether malware authors can remain silent. The most malevolent Trojan during March 2011 was W32/Bredo.K!tr (34.20%), while W32/Agent.LKJZ!tr.dldr (24.41%), W32/Krap.AON!tr (22.83%), W32/BanLoader.ICE!tr (20.02%) and W32/FraudLoad.HXV!tr.dldr (12.66%) comprised the other malicious programs that malware writers unleashed in their malware and spam attacks.
» SPAMfighter News - 21-04-2011