Treacherous Botnet MayDay Sneaks through US Companies
A new botnet of Peer-to-Peer (P2P) sharing type has been established that is even stronger and stealthier in infiltrating educational institutions, large enterprises, and ISP customers all mostly based in the US.
The botnet, called MayDay, can dodge leading antivirus systems and has so far hijacked thousands of computers, according to computer security firm Damballa, which said that 96.5% of the infected systems are in the US and 2.5% in Canada. In late 2007, Damballa first noted that MayDay could potentially overtake the Storm botnet.
According to Tripp Cox, Vice President of Engineering at Damballa, MayDay employs several techniques to communicate with its bot-infected machines, including hijacking the proxy settings of Web browsers. Darkreading published this on February 4, 2008.
Cox further said that the botnet is capable of communicating through an enterprise's secure Web proxy and of carrying out attack activities and updates over it - something unique in botnet operation.
The use of Web proxies also shows that the infections are not random. Cox said that writing bot malware that uses Web proxies clearly indicates that its targets are specific enterprise computers.
MayDay also appears to be spam driven. The researchers, who are still reverse-engineering MayDay's encrypted messages, have discovered that the network is sending spam and reporting its performance back to its centrally located command-and-control servers.
In addition, once machines are infected, the bots can be used to launch any number of different kinds of attacks, including Distributed Denial-of-Service (DDoS) attacks. It is also not new for other criminals to hijack and commandeer such networks for their own gain.
In the last week of January 2008, computer security vendor Marshal warned of another botnet, named Mega-D, which was spamming promotions for male sexual enhancement drugs. Marshal said that Mega-D had overtaken the well-known Storm botnet to become the single largest producer of spam globally.
In a similar case, researchers at BitDefender have found a botnet that appeared in early February 2008 and pushes out spam. The botnet has been luring people with promises of videos of celebrities such as Britney Spears and Paris Hilton.
» SPAMfighter News - 13-02-2008