
Ilomo - Botnet of Modern Era

According to the security company Trend Micro, Ilomo is a malicious program that has been part of the threat landscape since the end of 2005. It is seen as an old component in the current stock of malicious software.

Over the years, Ilomo has continually altered its code to make reverse engineering of the malware harder. It also evades detection systems.

Furthermore, Ilomo, which resembles the Pushdo botnet in its modular character, makes its actions hard to monitor.

Robert McArdle of Trend Micro explains in a blog post dated August 24, 2009, that Ilomo carries out its business scheme through two chief methods.

One is the long-established information-stealing method, whereby Ilomo inserts itself into the victim's web browser. It waits for the user to log in to any of more than 4,000 webmail, financial or banking websites. After that, it not only steals the user's credentials but also takes advantage of the user's active browsing session to transfer money from the account, making a mockery of the banking site's protected login system.

Additionally, Ilomo harvests all login data from the system, such as credentials for local administrators, web servers, FTP and so on. With these, the malware spreads to all other networked PCs, compromises the web servers and subsequently uses them to host newer versions of itself.

The second way Ilomo earns money is through the sale of a 'service of anonymity,' whereby every computer infected with Ilomo behaves like a proxy that cyber criminals use to run their illegal operations from various networks and geographical locations.

McArdle has estimated that Ilomo contaminates 68% of command-and-control servers in the USA. Other countries following the US are Germany (9%), Ukraine (4%), the Netherlands (3%) and Austria (2%). Moreover, Ilomo also infects the Czech Republic, Denmark, Brazil and China.

Based on these observations, Trend Micro suggests that both business and non-business users of the Web should use a dedicated PC for their banking activities so that attacks from Ilomo can be kept at bay.

» SPAMfighter News - 9/9/2009
