Botnets Busy Cracking CAPTCHA to Open Accounts on Legit Websites

Several botnets are currently busy in attacking authentic websites by creating fake online communities and online accounts on them in a bid to steal the corporate information, as per the reports. This form of targeted assault by botnets has grown in popularity because of the convenience offered by the botnet tools to buy and use bots.

Cyber crooks can rent botnet for a day to launch DDoS attacks, sell rogue anti-virus software and send spam messages to unwary users through millions of compromised computers (zombies) for an amount as small as $9.

Merrick Furst, distinguished professor of Computer Science at Georgia Tech and a botnet expert, said that bots are displaying "en masse" to user-facing websites............purporting as people, as per the news published by darkREADING on June 1, 2010.

Furst further said that numerous bogus registrations (in thousands) are successfully getting through the current defense mechanisms to open accounts on legitimate websites.

According to David Crowder, CEO of security firm Pramana, his firm observes new bots, ranging from a couple of thousand to tens of thousands, per hour that registers on legitimate websites...............that reaches around 200,000 in a duration of 15 hours, as per the news published by darkREADING on June 1, 2010.

According to new revelations from Pramana, these zombies can steal information from those legit websites, either for the purpose of selling that information on the black market or for other purposes. Botnet operators are successfully cracking the CAPTCHA codes. The firm noticed 60% of zombies cracking the CAPTCHAs as well as other defense mechanisms in place at the website of one of the Fortune 100 clients.

Hundreds of botnets are there that are infected with one or more types of malware to solve the purpose of their masters............some of them are far more troublesome than the others.

One kind of attack involves a botnet used for extortion on websites such as Craigslist or eBay. Twitter and MySpace are some of the other websites that have been targeted.

Rick Howard, director of intelligence at iDefense, stated that companies should be cautious of the fact that their confidential online services and applications could be accessed within 24 hours by a criminal renting services offered by bot herders, reported InformationWeek on May 28, 2010.

Related article: Botnet Misuses Google Analytics

» SPAMfighter News - 6/11/2010