[ISN] Evil Trojan twins control most of world's botnets

From: InfoSec News (alerts@private)
Date: Fri Apr 13 2007 - 00:28:15 PDT


http://www.vnu.co.uk/vnunet/news/2187626/evil-trojans-twins-control

By Clement James
vnunet.com 
12 April 2007

Two types of Trojan are responsible for the control of most botnets 
worldwide, a security firm revealed today.

The Sdbot and Gaobot malware groups were responsible for 80 per cent of 
detections related to bots during the first quarter of 2007, according 
to PandaLabs. Other culprits, although on a much smaller scale, included 
Oscarbot, IRCbot and RXbot.

Bots are automated worms or Trojans that install themselves on computers 
to carry out certain actions automatically, such as sending spam and 
turning the compromised computers into zombies. Botnets, or networks 
made up of computers infected with bots, have become a lucrative 
business model.

"This dominance is not so much due to any special features of Gaobot or 
Sdbot, but simply because their code is much more widely available on 
the internet. This means that any criminals that want to make a bot can 
simply base it on the source code of these threats, making any 
modifications they choose. Essentially, this saves them a lot of work," 
said Luis Corrons, technical director of PandaLabs.

In 2006, bots accounted for 13 per cent of all new threats detected by 
PandaLabs. Of those, 74 per cent belonged to the Sdbot and Gaobot 
families.

Until now, most of them were controlled through IRC servers, which 
allowed attackers to send orders while hiding behind the anonymity of 
chat servers. Now, however, there are bots that can be controlled 
through web consoles using HTTP.

"Control through IRC is useful for controlling isolated computers. 
However, this system is not so useful when it comes to botnets. By using 
HTTP, bot herders can control many more computers at the same time, and 
can even see when one of them is online or if the commands have been 
executed correctly," added Corrons.

