 |
 |
 |
|
 |
 
Advisory: building the "Mother of all Bot Networks"?
Full Text: Delivered by Spam and by auto-replication through Penetration Testing (PenTest), trojans, worms, and viruses are the initial step to compromise large numbers of desktops in corporate and government networks, as well as home computers on broadband connections. Once compromised, these PC systems are operated as "bot networks", and used to deliver Spam (unsolicited commercial e-mails - UCE), along with more compromise tools, and to launch distributed Denial-of-Service (dDoS) attacks. In turn, Denial-of-Service attacks are then used by organized crime groups and potentially terrorist cells for extortion attempts and other agendas; the "bot" networks play a powerful tool as an effective weapon in these attack events. The number of average daily compromises of PC systems to be included in such "bot" networks was recently reported to have increased from 2,000 to 30,000 a day (in studies by Verisign and Symantec). A "bot" network of 100,000 systems was recently shut down by law enforcement agencies. Due to the nature of our business, to develop effective tools to defend against dDoS attacks, Melior operates monitoring services to observe and catalog attempts of compromise, Penetration Testing scans, and keeps track of Denial-of-Service attacks. A particular focus is given to the payload of Spam e-mails to aid Research & Development of another Melior CyberWarfare product against the Denial-of-Service conditions created by Spam. Within the last two days, the monitors reported quarantines of a drastically higher number of hostile executables embedded in Spam messages. From a typical, consistent average of under 50 such hostile attachments in one of these monitors, the number started to slowly increase on November 21st to about 5 times the normal average, and as of Saturday climbed to 12 times the average. As of Sunday, December 6th, the number of hostile executable attachments has reached the unprecedented level of 42.6 times the normal average, and keeps climbing. So far, the originating source IP addresses are located in Asia and Europe. Melior expects this number to increase further, as the business day in the United States starts on Monday morning. Updated at 0830 Central Standard Time (CST) on December 6th, 2004: The observation lends to conclude this pattern is an indication of renewed efforts to compromise larger numbers of PC systems in an effort to build a very large "bot" network; hence the term of the "mother of all bot nets". Melior advises to verify this information at other Internet monitoring sites, and to take appropriate precautions. About Melior Melior Inc. ('melior' is Latin and means 'better') is a privately held US company headquartered in Dallas, Texas, with offices in Dortmund, Germany and New Delhi, India. Melior provides solutions against distributed Denial-of-Service (dDoS) attacks, which also protect against Penetration Testing for vulnerability exploitation. Melior, Inc. contributes actively in anti-Crime and anti-Terrorism efforts with goverment agencies in the United States and in Europe. Barbican, Barbican RNP, iSecure, Perfectionists At Work are registered trademarks of Melior, Inc. For more information and reseller contacts, please visit Melior's CyberWarfare Defense web site at www.dDoS.com Contact Information: Mr. Matt Gair Chief Operating Officer and Co-Founder Melior, Inc. US Headquarters Columbus A. Langley Building 1501 Beaumont Street Dallas, Texas 75215 USA Tel: +1 (214) 421-5975 and 1-888-4MELIOR Fax: +1 (214) 421-5951 and 1-888-TOFAXUS www.dDoS.com |
|
© Copyright 1987 - 2006 Melior, Inc. - CyberWarfare Defense
Trade- and Servicemarks, Copyrights, and Patent-Pending Protection is effective in WTO countries.
v 07132013-2043 NetGroup GmbH Dortmund/MEZ