Saliently Sality Botnet Trapped Scanning IPv4 Address Space
Sality, a fairly well-known botnet, has been directed to scan the entire IPv4 address space for vulnerable voice-over-IP (VoIP) servers without raising alerts, claimed a new study, as published by Paritynews.com on October 10, 2012.
Sality is a piece of malware whose primary aims are to infect web servers, send spam, and steal data. But the latest research disclosed other purposes, including identifying susceptible VoIP targets, which could be used in toll fraud attacks.
Through a method called "reverse-byte order scanning," Sality has managed to scan possibly the whole IPv4 space without being recognized. The reason is that the technique uses a very small number of packets, which come from various sources.
"The selection of the target IP addresses develops in reverse-byte-order increments. Also, there is a large number of bots contributing to the scan. The conclusion is that a solitary network would obtain scanning packets 'diluted' over a huge period of time (12 days in this case) from various sources," claimed one of the researchers, Alistair King of the University of California, San Diego (UCSD), as published by Softpedia.com on October 9, 2012.
Alberto Dainotti claimed that it is not that this stealth-scanning method is exceptional, but that it is the first time such an event has been both noticed and documented, as reported by Darkreading.com on October 4, 2012. Many other experts believe that this technique has been adopted by other botnets. Nevertheless, the team at UCSD is not aware of any data verifying any event like this one.
According to David Piscitello, Senior Security Technologist at ICANN, this indeed seems to be the first time that researchers have recognized a botnet that utilizes this scanning method by employing reverse-byte sequential increments of target IP addresses. The botnet uses sophisticated 'orchestration' methods to evade detection. It can be simply stated that the botnet operator divided the scans among around 3 million bots to scan the full IPv4 address space through a scanning pattern that disperses coverage and partly overlaps, but is unlikely to be noticed by present automation, as published by Darkreading.com on October 4, 2012.
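A detection heuristic for the pattern described above, added here as an illustration and not taken from the UCSD study: order the probes a monitored network receives by time, ignore their sources, and compare how often the destinations rise in natural order versus byte-reversed order. The monitored 10.0.0.0/8 range, the sample probes, the function names and the 0.9 threshold are all assumptions.

```python
import ipaddress

def reverse_bytes(ip):
    """IPv4 address as an integer with its four bytes in reverse order."""
    return int.from_bytes(ipaddress.IPv4Address(ip).packed, "little")

def increasing_fraction(values):
    """Share of consecutive pairs in which the value goes up."""
    pairs = list(zip(values, values[1:]))
    return sum(b > a for a, b in pairs) / len(pairs) if pairs else 0.0

def order_scores(probes):
    """probes: (timestamp, src, dst) tuples. Returns (natural, reversed) scores.

    Sources are ignored on purpose: the probes come from many bots, so only
    the time-ordered destinations carry the pattern.
    """
    dsts = [dst for _, _, dst in sorted(probes)]
    natural = increasing_fraction([int(ipaddress.IPv4Address(d)) for d in dsts])
    flipped = increasing_fraction([reverse_bytes(d) for d in dsts])
    return natural, flipped

def looks_reverse_byte_ordered(probes, threshold=0.9):
    """True when destinations climb steadily only after byte reversal."""
    natural, flipped = order_scores(probes)
    return flipped >= threshold and natural < threshold

# Constructed sample: probes seen by a monitored 10.0.0.0/8, one per source.
STEALTH = [
    (1, "192.0.2.10", "10.200.0.7"), (2, "198.51.100.4", "10.250.0.7"),
    (3, "203.0.113.9", "10.3.1.7"), (4, "192.0.2.77", "10.90.1.7"),
    (5, "198.51.100.31", "10.12.2.7"), (6, "203.0.113.50", "10.240.2.7"),
    (7, "192.0.2.200", "10.1.3.7"), (8, "198.51.100.8", "10.77.3.7"),
]
# Constructed control: one source sweeping addresses in natural order.
SEQUENTIAL = [(t, "192.0.2.1", d) for t, d in enumerate(
    ["10.0.0.254", "10.0.0.255", "10.0.1.0", "10.0.1.1"])]

if __name__ == "__main__":
    for name, sample in (("stealth", STEALTH), ("sequential", SEQUENTIAL)):
        print(name, order_scores(sample), looks_reverse_byte_ordered(sample))
```

In the stealth sample no source appears twice, so a per-source rate threshold sees nothing, yet the byte-reversed destinations rise on every step.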
» SPAMfighter News - 18-10-2012