Bot Builds Spam - Spreading Zombie Army

As per the revelations of a security research firm, a malicious bot launched attacks on Windows PCs over the previous week. It used a bug, which Microsoft had earlier identified to its advantage targeting machines to join the army of zombies by spewing spam in the network.

Bot refers to a computer that is under remote control of somebody else. When the computers are in a group of thousands or millions under somebody else's control, it is a bot network. Of late criminals more than hackers are likely to be controlling bot networks. Their motive being monitory gains is the important difference. Networks are used to send phishing emails and other spam. They are used for click fraud.

The bot herder using the machines can do plenty. Programming can be done for sending spam or attacking websites in masses to make them go offline. Displaying pop-up ads, downloading new content or updates to the infected machine, logging keystrokes, stealing passwords, almost anything is possible for the bot herder. Generally the aim is to gain control of computers and computing resources.

LURHQ corporation, Chicago-based security services company posted a research report on its website. It stated that Mocbot latest version known as Graweg and Wargbot, took advantage of the vulnerability. Mocbot is an IRC bot capable of spreading due to the loophole in Windows Plug and Play service (MS05-039).

The Windows Server service vulnerability patched by Microsoft in its security bulletin MS06-040 is considered to be one of the most damaging types. Many security analysts foresaw an attack on unpatched PCs to begin very soon, maybe even over the weekend.

With the help of a sandnet tool, a simulated Internet was set up for malware to move about without harming real system. This enabled LURHQ to scout the commands or control instructions given to Mocbot either from its controller or from the bot herder.

Ever since the outbreak of Mocbot/Wargbot on the Internet, most security vendors and experts gave a low ranking to the threat. A network-aware worm, Wargbot can gain an IRC backdoor entry on the infected computer. Its spread is enabled by exploiting the vulnerability of the Microsoft Windows Server Service Remote Buffer Overflow.

Bot networks will remain as long as vulnerabilities exist on networked computers. In the present scenario the possibility of a respite is low. It is a natural side effect of bugs in a computer network.

Related article: Bot Operator Infects Rubbermaid Computers And Sentenced to Prison

» SPAMfighter News - 8/24/2006