Barracuda.A Bot Infects A Large Network of PCs To Initiate DDoS Attacks
PandaLabs has found a new Barracuda.A bot that has infected nearly 15,000 PCs. The malicious code enables its developers to initiate a DDoS (Distributed Denial of Service) attack from any of the infected computers. Net-security reported this on May 17, 2007.
A DDoS attack is launched from a number of computers simultaneously to collapse other PCs. When this happens users are usually unable to access a particular website.
PandaLabs has detected 'Zunker' - an application that cyber crooks use to control zombie or compromised computers in a botnet. At the time PandaLabs discovered the program it was managing a large network of computers in 54 countries.
The Zunker plants another bot called Bck/Barracuda.A, which helps to launch DDoS attacks that convert infected PCs into proxies.
Cyber crooks find DDoS attacks an excellent way to earn economic benefits. Some even use such networks to blackmail businesses using the Internet. Hackers demand ransoms from targeted companies for not launching an attack that could crash its computers, explains Luis Corrons, technical director of PandaLabs. Pandasoftware published this as news, May 17, 2007.
Sometimes the Barracuda.A bot also uses the affected computer as a proxy. With this a hacker could launch other types of attacks such as sending out spam, illegally accessing other computers etc. from behind the affected PC.
By using the computer as a cover, cyber crooks are able to hide their activities on the Internet. They use the IP address of the hijacked PC to save secret data on a particular FTP server. They also use it to move money illegally from one account to another. By manipulating a kidnapped computer to perform criminal activities the cyber crooks leave no traits to track them down, Corrons explained. Pandasoftware published this as news, May 17, 2007.
By installing a console on a server, it is possible to remotely manage a network of computers. The console has a statistics zone, which shows the bot's effectiveness or the existence of its numbers at any point in time. With this console users can specify the IP addresses of the computers about to crash or the time span of the attack.
Related article: Barracuda Networks Caution Against IRS & CRA Spoofed phishing E-mails
» SPAMfighter News - 24-05-2007