Sunday, 06 February 2011

Spam network has more than half a million e-mail passwords

How to Stop Spam

The credentials can be used by Waledac’s operators to trick mail servers into authenticating the botnet, allowing it to bypass security protocols and carry out junk-mail campaigns. Researchers also found about 124,000 logins and passwords for file-transfer protocol (FTP) servers, which facilitate large-scale file sharing. Waledac’s resurgence came as a surprise to analysts. The report “Insights into Waledac 2.0” portends ominous spam skies ahead.

If you consider Waledac to be Storm Worm 2.0, this looks like it could be version 3.0, or at least Waledac 2.0. The new batch of malicious spam discovered by Shadowserver uses holiday-related messages that link to compromised domains or newly minted URLs hosting malware. First, there are fluxed domains. Adding to Shadowserver’s findings are the details from Last Line’s blog post this week. Researchers for Last Line were able to examine the botnet code and discovered 123,920 FTP account credentials.

This discovery, the blog reasoned, shows the capability for a higher-quality spam run, one that will bypass traditional spam protections. Last Line also discovered newly infected nodes connecting to a bootstrap Command-and-Control server. “The bootstrap server speaks a proprietary protocol known as ANMP, and disseminates a list of router nodes (other compromised hosts) to infected machines.” “Better to be prepared” is the tone of Last Line’s blog post.

The login credentials to the FTP servers are a key part of Waledac’s operation. Waledac’s resurrection followed legal maneuvering by Microsoft, which won a decision against the botnet’s masterminds last September. Researchers also discovered 500,000 stolen passwords for POP3 e-mail accounts. 

These credentials are known to be used for “high-quality” spam campaigns, Stone-Gross wrote in a blog post. “In addition to the compromised credentials, we also had visibility of newly infected nodes connecting to a bootstrap Command-and-Control (C&C) server,” he blogged. 

“The bootstrap server speaks a proprietary protocol known as ANMP, and disseminates a list of router nodes (other compromised hosts) to infected machines.” “The Waledac botnet remains just a shadow of its former self for now, but that’s likely to change given the number of compromised accounts that the Waledac crew possesses,” Stone-Gross wrote.
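The post describes the core of this operation: stolen POP3/SMTP logins let the botnet authenticate to legitimate mail servers, so its messages ride out with an authenticated reputation instead of from a blacklisted bot IP. The giveaway on the server side is one account logging in from many unrelated client addresses in a short time. The script below is an added example for a mail administrator, not code from the original post or from Last Line or Shadowserver. It assumes Postfix-style SASL login log lines (the sample lines are constructed here, with a fixed year because syslog timestamps carry none) and flags any account whose logins span more than a set number of distinct client IPs inside a sliding window.

```python
"""Flag mail accounts whose stolen credentials may be used for authenticated spam.

Added example, not code from the original post or from Last Line / Shadowserver.
Assumes Postfix-style SASL login lines; the log below is constructed for
illustration and contains no real hosts or users.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed sample log (not real data). alice's account logs in from six
# different client IPs in under two minutes, the pattern a botnet leaves when
# it relays through a compromised login; bob and carol look normal.
SAMPLE_LOG = """\
Feb  6 10:01:02 mx1 postfix/smtpd[1201]: 3F2A1: client=unknown[198.51.100.7], sasl_method=LOGIN, sasl_username=alice@example.com
Feb  6 10:01:09 mx1 postfix/smtpd[1202]: 3F2A2: client=unknown[198.51.100.23], sasl_method=LOGIN, sasl_username=alice@example.com
Feb  6 10:01:15 mx1 postfix/smtpd[1203]: 3F2A3: client=unknown[203.0.113.45], sasl_method=LOGIN, sasl_username=alice@example.com
Feb  6 10:01:40 mx1 postfix/smtpd[1204]: 3F2A4: client=unknown[203.0.113.99], sasl_method=PLAIN, sasl_username=alice@example.com
Feb  6 10:02:03 mx1 postfix/smtpd[1205]: 3F2A5: client=unknown[192.0.2.130], sasl_method=LOGIN, sasl_username=alice@example.com
Feb  6 10:02:30 mx1 postfix/smtpd[1206]: 3F2A6: client=unknown[192.0.2.131], sasl_method=LOGIN, sasl_username=alice@example.com
Feb  6 10:03:00 mx1 postfix/smtpd[1207]: 3F2A7: client=home.example.net[192.0.2.10], sasl_method=PLAIN, sasl_username=bob@example.com
Feb  6 11:30:00 mx1 postfix/smtpd[1208]: 3F2A8: client=home.example.net[192.0.2.10], sasl_method=PLAIN, sasl_username=bob@example.com
Feb  6 10:03:05 mx1 postfix/smtpd[1209]: 3F2A9: client=unknown[198.51.100.7], sasl_method=LOGIN, sasl_username=carol@example.com
Feb  6 18:00:00 mx1 postfix/smtpd[1210]: 3F2B0: client=unknown[198.51.100.8], sasl_method=LOGIN, sasl_username=carol@example.com
"""

# Matches only lines that record a successful SASL authentication.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ postfix/smtpd\[\d+\]: \S+ "
    r"client=\S+?\[(?P<ip>[^\]]+)\], sasl_method=\S+, sasl_username=(?P<user>\S+)$"
)


def parse_log(text, year=2011):
    """Return a list of (timestamp, username, client_ip) for each SASL login line.

    The year is an assumption supplied by the caller; syslog lines omit it.
    """
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a SASL login line, ignore it
        stamp = " ".join(m["ts"].split())  # collapse the padded day field
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["user"], m["ip"]))
    return events


def max_distinct_ips(events, window):
    """Largest number of distinct client IPs one account used within any
    sliding window of the given length. events: iterable of (ts, ip)."""
    events = sorted(events)
    best = 0
    for i, (start, _) in enumerate(events):
        ips = set()
        for ts, ip in events[i:]:
            if ts - start > window:
                break
            ips.add(ip)
        best = max(best, len(ips))
    return best


def flag_accounts(text, window=timedelta(minutes=10), max_ips=3, year=2011):
    """Map each suspicious account to the peak distinct-IP count that tripped it.

    max_ips is a tuning assumption: a single user on a laptop and a phone
    rarely exceeds two or three addresses within ten minutes.
    """
    per_user = defaultdict(list)
    for ts, user, ip in parse_log(text, year):
        per_user[user].append((ts, ip))
    flagged = {}
    for user, evs in per_user.items():
        peak = max_distinct_ips(evs, window)
        if peak > max_ips:
            flagged[user] = peak
    return flagged


if __name__ == "__main__":
    for user, peak in flag_accounts(SAMPLE_LOG).items():
        print(f"possible compromised login: {user} seen from {peak} IPs in 10 min")
```

On real logs, accounts this flags are candidates for a forced password reset and a look at the outbound queue; the threshold and window are the knobs to tune against your own users' normal roaming behaviour.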
By: How to Stop Spam


