The Notebook Review forums were hosted by TechTarget, who shut down them down on January 31, 2022. This static read-only archive was pulled by NBR forum users between January 20 and January 31, 2022, in an effort to make sure that the valuable technical information that had been posted on the forums is preserved. For current discussions, many NBR forum users moved over to NotebookTalk.net after the shutdown.

    Symantec & F-Secure go botnet?? No, not really of course.

    Discussion in 'Security and Anti-Virus Software' started by Baserk, Jan 15, 2009.

  1. Baserk

    Baserk Notebook user

    Security software firms Symantec & F-Secure have reported on the biggest and newest botnet so far.
    Where the Storm botnet (2007) had about 500,000 to 1 million infected computers under its control, throwing up 20% of worldwide spam at its height, and the Srizbi botnet (2008) had 500,000 zombies spewing out 60% of all spam, the newest botnet, built with the Conficker/Downadup worm, has an estimated 3.5 million zombies under its control today.
    They've grown by 1 million since yesterday...

    Symantec and F-Secure have been able to set up some domains that part of the botnet has reported to, and have analyzed it.
    The Conficker/Downadup worm uses an algorithm that produces domain names on a daily basis, which it then tries to connect to.
    The malware writers need only register one of these domains and throw up a corresponding website the day before (making it difficult to hunt down those domains), then wait until the hundreds of thousands of zombie computers report to them, waiting for orders.
    China, Brazil and Russia are the most affected so far.

    Keeping your OS up-to-date, having a decent password and being vigilant when it comes to removable media (disable 'Autoplay'!) is enough to stay clean from this pest.

    The Conficker/Downadup worm is explained by SANS Internet Storm Center here.
    Check the Symantec response blog here
    Check the F-Secure report here.
    Cheers.
     
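The daily domain-generation scheme described in the post, as an added illustration that is not part of the original thread and not Conficker/Downadup's real algorithm: a generic date-seeded generator (the seed, the 250-per-day count and the TLD list are assumed for the example) showing why the operator only needs to register one of tomorrow's names, and how a defender who has reverse-engineered the generator can pre-compute the same list and register or sinkhole names ahead of the bots, as Symantec and F-Secure did.

```python
"""Illustrative date-seeded domain generation algorithm (DGA).

Simplified stand-in, NOT the worm's actual generator. It shows the
property the post describes: every bot derives the same candidate
rendezvous domains from the date alone, so operator and defender can
both compute tomorrow's list today.
"""
import datetime
import hashlib
from typing import Dict, List, Optional, Set

TLDS = ("com", "net", "org", "info", "biz")   # assumed TLD list
DOMAINS_PER_DAY = 250                         # assumed daily count
SEED = b"illustrative-dga-seed"               # assumed fixed seed baked into the bot


def generate_domains(day: datetime.date, count: int = DOMAINS_PER_DAY,
                     seed: bytes = SEED) -> List[str]:
    """Return `count` deterministic candidate domains for `day`."""
    names = []
    for i in range(count):
        # Hash(seed || ISO date || index): same inputs -> same name on every bot.
        h = hashlib.sha256(seed + day.isoformat().encode() + i.to_bytes(2, "big")).digest()
        length = 8 + h[0] % 5                       # 8..12 letters
        label = "".join(chr(ord("a") + b % 26) for b in h[1:1 + length])
        tld = TLDS[h[31] % len(TLDS)]
        names.append(f"{label}.{tld}")
    return names


def sinkhole_plan(start: datetime.date, days_ahead: int) -> Dict[str, List[str]]:
    """Defender side: pre-compute every domain for the next `days_ahead` days
    so some can be registered/sinkholed before the bots start asking for them."""
    plan = {}
    for d in range(1, days_ahead + 1):
        day = start + datetime.timedelta(days=d)
        plan[day.isoformat()] = generate_domains(day)
    return plan


def bot_checkin(day: datetime.date, registered: Set[str]) -> Optional[str]:
    """Bot side: walk today's list and return the first name that 'resolves'
    (here: is present in the constructed `registered` set). One registered
    name out of the daily batch is enough for the bot to find its operator."""
    for name in generate_domains(day):
        if name in registered:
            return name
    return None


if __name__ == "__main__":
    today = datetime.date(2009, 1, 15)          # date of the original post
    plan = sinkhole_plan(today, days_ahead=3)
    tomorrow = (today + datetime.timedelta(days=1)).isoformat()
    # Operator registers just one of tomorrow's names; a sinkholing defender
    # who grabbed a different one will see check-ins too.
    print("tomorrow's first 5 candidates:", plan[tomorrow][:5])
    print("bot finds:", bot_checkin(today + datetime.timedelta(days=1),
                                    {plan[tomorrow][42]}))
```

The defender's edge comes entirely from the generator being deterministic: once it is extracted from a sample, the candidate list for any future date is public knowledge, which is why later DGAs mix in unpredictable inputs and why registering the whole daily batch became the blocking strategy.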
  2. Baserk

    Baserk Notebook user

    Social engineering tricks are often used to 'sucker' users into installing malware.
    The current Conficker/Downadup worm uses this trick as well, and it has been able to infect Windows 2000, XP, Vista and Windows 7.

    As explained on this F-Secure page, it also tries to copy itself to removable media.
    If you had an infected USB stick and you stuck it into a computer running Windows 7, you would see this 'Autoplay' screen:
    [image: Windows 7 AutoPlay dialog for the infected USB stick (screen from F-Secure weblog)]

    Notice that the first highlighted option, while the text next to the folder icon says 'Open folder to view files', will install/run the Conficker/Downadup worm.
    Depending on your security software, this install attempt will be blocked, but more important is to understand that 'Downadup attempts to disguise the installation option as an open folder action'.

    So, even while Windows 7 is pretty new, current new malware is already using Win 7 look-alike screens for social engineering purposes.
    Just a heads up for all enthusiastic Win 7-beta users.
    Cheers.
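A check for the disguise described above, as an added example that is not part of the original thread and not F-Secure's or the poster's code: the "Open folder to view files" entry in AutoPlay is normally generated by Windows itself, so an autorun.inf that supplies that caption while pointing `open=`/`shellexecute=` at code is impersonating the built-in action. The sample autorun.inf below is constructed for the example (file names and the `.\hidden\update.dll` target are invented), not taken from a real worm.

```python
"""Flag autorun.inf files that dress up a code launch as 'Open folder'.

Heuristic, added for illustration. autorun.inf is INI-like, so the
standard configparser handles it; keys are case-insensitive.
"""
import configparser
from typing import Dict, List

# Captions Windows itself uses for the built-in AutoPlay actions; a
# removable device's autorun.inf has no legitimate reason to claim them.
SHELL_CAPTIONS = ("open folder to view files",)
LAUNCH_KEYS = ("open", "shellexecute")
EXEC_HINTS = (".exe", ".dll", ".com", ".scr", ".bat", ".cmd", ".vbs", ".js", "rundll32")

# Constructed sample mimicking the trick: caption copies the Windows
# default, but the action actually runs a DLL from a hidden folder.
SAMPLE_DISGUISED = """[autorun]
action=Open folder to view files
icon=%SystemRoot%\\system32\\shell32.dll,4
shellexecute=rundll32.exe .\\hidden\\update.dll,Install
"""

# Constructed benign sample: only a label and an icon, nothing launched.
SAMPLE_BENIGN = """[Autorun]
label=Holiday photos
icon=photos.ico
"""


def parse_autorun(text: str) -> Dict[str, str]:
    """Return the [autorun] section as a lower-cased key/value dict."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    for section in cp.sections():
        if section.lower() == "autorun":
            return {k.lower(): v.strip() for k, v in cp.items(section)}
    return {}


def analyse_autorun(text: str) -> Dict[str, object]:
    """Classify an autorun.inf: does it launch code, and does it
    impersonate a built-in shell caption to get the user to click?"""
    entries = parse_autorun(text)
    reasons: List[str] = []

    caption = (entries.get("action") or entries.get("label") or "").lower()
    if caption in SHELL_CAPTIONS:
        reasons.append(f"caption impersonates Windows default: {caption!r}")

    for key in LAUNCH_KEYS:
        target = entries.get(key, "").lower()
        if target and any(hint in target for hint in EXEC_HINTS):
            reasons.append(f"{key}= launches code: {entries[key]!r}")

    return {"suspicious": bool(reasons), "reasons": reasons, "entries": entries}


if __name__ == "__main__":
    for name, sample in (("disguised", SAMPLE_DISGUISED), ("benign", SAMPLE_BENIGN)):
        result = analyse_autorun(sample)
        print(name, "->", "SUSPICIOUS" if result["suspicious"] else "ok")
        for r in result["reasons"]:
            print("   ", r)
```

Disabling AutoPlay, as the first post recommends, removes the prompt entirely; this check is the complementary view for someone triaging a stick that has already been inserted, and it deliberately flags any autorun.inf that launches code from removable media, not only ones that copy the shell caption.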