Trojan horse spreads quickly through Microsoft's IM - Linux



  1. Trojan horse spreads quickly through Microsoft's IM


    11,000 PCs already infected...A new Trojan horse that started to
    spread early Sunday via Microsoft's instant messaging client has
    already infected about 11,000 PCs, a security company said Monday....

    "We still haven't found what it's meant to do, but at the moment, it's
    creating an army [of bots]," he said. "Eventually, of course, the
    operator will send commands to do something."...

    "This is really growing rapidly," said Lichtman. Six hours after it
    first found the Trojan horse, Aladdin put the total number of
    assembled bots at about 500; three hours later, that had climbed to
    several thousand. By 12:30 p.m. EST Monday, the botnet had been built
    out to 11,000 machines.



    http://www.computerworld.com.au/inde...4194304;fpid;1

  2. Re: Trojan horse spreads quickly through Microsoft's IM

    ____/ nessuno@wigner.berkeley.edu on Tuesday 20 November 2007 22:23 : \____

    >
    > 11,000 PCs already infected...A new Trojan horse that started to
    > spread early Sunday via Microsoft's instant messaging client has
    > already infected about 11,000 PCs, a security company said Monday....
    >
    > "We still haven't found what it's meant to do, but at the moment, it's
    > creating an army [of bots]," he said. "Eventually, of course, the
    > operator will send commands to do something."...
    >
    > "This is really growing rapidly," said Lichtman. Six hours after it
    > first found the Trojan horse, Aladdin put the total number of
    > assembled bots at about 500; three hours later, that had climbed to
    > several thousand. By 12:30 p.m. EST Monday, the botnet had been built
    > out to 11,000 machines.
    >
    > http://www.computerworld.com.au/inde...4194304;fpid;1


    The criminals need more powerful botnets. They'll love Vista. It requires some
    decent hardware. ;-)

    --
    ~~ Best of wishes

    Steve Ballmer is even monkier than his moniker suggests
    http://Schestowitz.com | Free as in Free Beer | PGP-Key: 0x74572E8E
    Cpu(s): 25.7%us, 4.2%sy, 1.0%ni, 64.7%id, 4.0%wa, 0.2%hi, 0.2%si, 0.0%st
    http://iuron.com - semantic engine to gather information

  3. Re: Trojan horse spreads quickly through Microsoft's IM

    In comp.os.linux.advocacy, nessuno@wigner.berkeley.edu wrote
    on Tue, 20 Nov 2007 14:23:59 -0800 (PST)
    <48bbf37b-4a5a-4e15-a251-7836ef085641@d27g2000prf.googlegroups.com>:
    >
    > 11,000 PCs already infected...A new Trojan horse that started to
    > spread early Sunday via Microsoft's instant messaging client has
    > already infected about 11,000 PCs, a security company said Monday....
    >
    > "We still haven't found what it's meant to do, but at the moment, it's
    > creating an army [of bots]," he said. "Eventually, of course, the
    > operator will send commands to do something."...
    >
    > "This is really growing rapidly," said Lichtman. Six hours after it
    > first found the Trojan horse, Aladdin put the total number of
    > assembled bots at about 500; three hours later, that had climbed to
    > several thousand. By 12:30 p.m. EST Monday, the botnet had been built
    > out to 11,000 machines.
    >
    > http://www.computerworld.com.au/inde...4194304;fpid;1


    Were I an evil blackhatted botmaker, I'd want a very
    general command set, which would among other things allow
    for the following.

    (If you're a real blackhat, Mister Reader, stop reading now. :-P :-) )


    Capabilities in the botnet that I'd want:

    [1] Targeting any machine in the world for a DDoS attack.
    - to specified port
    - to random port within a specified range of ports
    - various protocols: floodping, UDPs with random garbage,
    HTTP POSTs with random data, IM flooding, etc. (Anyone
    else remember IRC spanning tree netsplits?)

    [2] Torrent or other such participation, to provide
    additional bandwidth in the trafficking of illegal
    copyrighted materials. Want a Prince song? Some good
    old-fashioned pr0n? An expose on how to make an
    interstellar flying saucer with a fully functional
    nuclear attack ray gun from a broken toaster, a car
    tire, a light bulb, some sheet metal, and a pogo stick?
    Come on by! We've got them all...of varying quality.
    Just contact goons.evilh4x0rs-r-us.com ... erm, I mean,
    www.someveryniceguys.com with your credit card number
    or PayPal account and we'll send you the goods from
    thousands of bots. Oh, and we'll keep your credit
    card on file. Don't worry. You can trust us.

    [3] Downloading a list of email addresses from a central server.

    [4] Downloading a list of ads from a central server,
    and then sending them to the email list. After all,
    we have to generate traffic for #2.

    [5] Uploading a list of email addresses to the central
    server for later ad sending. This list would be
    generated from the downloaded list, rifled contact
    lists, and other such sources; the system could also
    indicate which of the addresses are known to be
    valid, increasing the master list's resale value.

    [6] Keylogging to attempt capture of accounts and passwords.
    These would also be uploaded.

    [7] Arbitrary shell command execution, if I can get it.
    (There are issues regarding NAT firewalls that make life
    interesting. Best I can do is poll the central server,
    or connect thereto and hold the connection open,
    awaiting instructions.)

    [8] Any other evil random crap that I for one can come up with;
    it just takes a bit of imagination. :-)

    Presumably, such a nasty little worm would have the address
    of its daddy somewhere within it (let's assume they don't
    make it that obvious), and the code to do all of the above
    on demand...but that's about it.

    And of course it would survive reboots and eradication attempts.

    (Fortunately, I don't wear black hats. I don't even have one.)

    --
    #191, ewill3@earthlink.net
    Useless C/C++ Programming Idea #2239120:
    void f(char *p) {char *q = p; strcpy(p,q); }

    --
    Posted via a free Usenet account from http://www.teranews.com
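
Item [7] in the post above notes that NAT leaves a bot two options: poll its central server, or hold an outbound connection open. Both leave a pattern a defender can look for in flow logs. The Python sketch below is an added example, not part of any post in this thread; the flow records, the addresses (documentation ranges) and the thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flow records (not real traffic):
# (start_epoch_seconds, src_ip, dst_ip, dst_port, duration_seconds)
FLOWS = (
    # Workstation checking in roughly every 300 s with short connections.
    [(t, "10.0.0.5", "203.0.113.10", 443, 2)
     for t in (1000, 1300, 1602, 1899, 2201, 2500)]
    # Workstation holding a single outbound connection open for four hours.
    + [(1000, "10.0.0.7", "198.51.100.20", 6667, 14400)]
    # Ordinary browsing: irregular gaps, short connections.
    + [(t, "10.0.0.9", "192.0.2.80", 80, 5)
       for t in (1000, 1012, 1500, 4000, 4100, 9000)]
)


def find_beacons(flows, min_events=5, max_cv=0.1, long_hold=3600):
    """Return {(src, dst, port): reason} for flows that look like check-ins.

    max_cv is the largest coefficient of variation (stdev / mean) of the
    gaps between connections that still counts as "regular"; long_hold is
    the duration in seconds above which one connection counts as held open.
    Both thresholds are assumptions to tune against local traffic.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, port, dur in flows:
        by_pair[(src, dst, port)].append((ts, dur))

    hits = {}
    for key, events in by_pair.items():
        events.sort()
        # Case 1: a connection held open, waiting for instructions.
        if any(dur >= long_hold for _, dur in events):
            hits[key] = "long-held connection"
            continue
        # Case 2: repeated short connections at near-constant intervals.
        if len(events) < min_events:
            continue
        gaps = [b[0] - a[0] for a, b in zip(events, events[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            hits[key] = f"periodic polling every ~{avg:.0f}s"
    return hits


if __name__ == "__main__":
    for key, reason in find_beacons(FLOWS).items():
        print(key, "->", reason)
```

Legitimate software (update checks, SSH sessions, chat clients) matches both patterns too, so the output is a list to triage against known-good destinations, not a verdict.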


  4. Re: Trojan horse spreads quickly through Microsoft's IM

    [H]omer espoused:
    > Verily I say unto thee, that The Ghost In The Machine spake thusly:
    >
    >> [4] Downloading a list of ads from a central server,
    >> and then sending them to the email list. After all,
    >> we have to generate traffic for #2.

    >
    > This is likely the only real purpose of any botnet, since it's the only
    > one that generates cash (blackmail jobs aside). There are a few vengeful
    > types who would possibly splash out to hire a botnet for a rather
    > unprofitable (but satisfying) DDoS attack, but I'd imagine they are an
    > extreme rarity.
    >
    > So once again, I'd just like to extend my appreciation to Microsoft, for
    > making those Russian Mafia pharma gangsters' lives so easy, and making
    > Microsoft users' migration away from Windows more essential by the day.
    >


    I would imagine a command line something like nmap and nc combined would
    be pretty good. In fact, a distributed version of nmap could be very
    handy for botnets.

    --
    | Mark Kent -- mark at ellandroad dot demon dot co dot uk |
    | Cola faq: http://www.faqs.org/faqs/linux/advocacy/faq-and-primer/ |
    | Cola trolls: http://colatrolls.blogspot.com/ |
    | My (new) blog: http://www.thereisnomagic.org |
