Technique for Shutting Down Sality Botnet Published on the Internet
On 28 March 2012, an online visitor who describes himself as "lawabidingcitizen" published a strange request on the Full Disclosure security mailing list, an online forum where security practitioners interact, as reported by h-online.com on March 28, 2012.
The request concerned shutting down the Sality botnet. According to the contributor, after analysing the botnet he had discovered a technique for drastically reducing its collection of PCs. He acknowledged that the actions involved would normally be illegal; nevertheless, he described the technique in detail and also developed special tools to do the job.
Basically, the technique exploits the botnet's update facility to insert a cleanup program that automatically removes the Trojan from the zombie PCs.
What's more, lawabidingcitizen wrote a Python script that produces a list of the domains from which the bot malware is updated. When researchers tested it, the script indeed listed the domains, which served malware. Virus scanners (Ikarus, G Data and Avast) identified the malicious program as Win32.Eldorado, which is associated with Sality.
Meanwhile, Liam O Murchu, Operations Manager for the Security Response Team at Symantec, studied the attack code published on Full Disclosure and said that the attack appeared authentic and, if carried out, could well work; however, he wasn't sure whether it would succeed in shutting the botnet down or simply cause some malfunction in the system. The Register published this on March 28, 2012.
O Murchu further said that the attack sought to insert an antivirus into the botnet, essentially commanding it to eradicate itself; however, that wasn't necessarily the only payload that could be used. If anybody wrote his own exploit, he could perhaps seize control of the computers within the botnet and then use them in a variety of ways. Stealing computers in that way was increasingly popular among malware perpetrators, O Murchu stated.
And although there was no way of knowing how many computers within the Sality botnet remained vulnerable, O Murchu warned users against attacking the botnet, as it could constitute a criminal offence.
SPAMfighter News - 05-04-2012