The Italian Honey Project » Botnet 2.0

Another botnet that uses Twitter as C&C

marco.riccardi — Wed, 15 Sep 2010 14:50:18 +0000

Security researchers have discovered another botnet that uses Twitter as a command and control channel.Malware-infected drones in the Mehika Twitter botnet, active in Mexico this summer, take instructions from a Twitter account maintained by hackers instead of conventional command and control servers. The use of Twitter as a botnet command channel was first detected in August 2009 before similar techniques were applied to abuse Facebook profiles as command channels a few months later in November.

via Mexican Twitter-controlled botnet unpicked • The Register.

Social networks used as C&C server – Facebook?

marco.riccardi — Thu, 22 Jul 2010 07:20:23 +0000

Brazilian Banker is a financial Trojan that targets consumers of Brazilian-based banks and other banks in Latin America. The Lab recently traced a social network profile that contained encrypted instructions for a variant of the Brazilian banker Trojan

via Speaking of Security… | Blog Entry: RSA FraudAction Research Lab | Cy: 1684.

After google groups and twitter , here is another example about how a social network (probably Facebook) is being (mis)used by bot headers for issuing commands to their zombies.

Mobile-based Botnet built by researchers leveraging the Google Android’s App Market

marco.riccardi — Tue, 22 Jun 2010 15:34:24 +0000

In a talk at the hacker conference SummerCon last Friday researcher Jon Oberheide gave a demonstration of just how easy it may be to infect large numbers of phones running Google s Android OS with hidden software that turns the devices into a zombie-like “botnet” under the control of a cybercriminal–particularly if that software associates itself with a phenomenon as popular and tween-entrancing as the upcoming Twilight Eclipse film.

via Researcher Builds Mock Botnet Of ‘Twilight’-Loving Android Users « The Firewall – Forbes.com.

Guidelines for ISP for facing Botnets

marco.riccardi — Mon, 07 Jun 2010 07:52:00 +0000

Very interesting initiative from the Australian IIA.It should be adopted by any ISP in the world . I would like to underline the “e” point , because it highlights the importance about collaborative actions against cybercrime.

e) Developing mechanisms for ISPs to share information and collaborate about
cyber security compromises and developments affecting other Australian ISPs.

Internet Industry code of practice

Twitter®-Controlled Botnet SDK At Large

marco.riccardi — Tue, 25 May 2010 09:07:41 +0000

BitDefender has released an emergency update to protect against a potential pandemic caused by the emergence of a botnet self-development kit controllable via the popular social media service Twitter®. In order to create their custom bot, an attacker only has to launch the SDK, enter a Twitter username that would act as a command & control center and modify the resulting bot’s name and icon to suit their distribution method.

via Twitter®-Controlled Botnet SDK At Large – Malware City Blogs.

Nice report,take a look at the video below:

Twitter botnet

Botnet as a service

marco.riccardi — Tue, 25 May 2010 08:22:07 +0000

Cyber criminals are renting out their botnets for just £5.99 an hour, enabling unskilled crooks to launch DDoS attacks.

[...]

They found the herders used many of the typical advertising tools to attract people, from banner advertising to forum marketing, and then charged just under £45 for a full day of botnet attacks capable of taking down websites and applications.

via Cyber criminals charge just £6 for access to a botnet | IT PRO.

Cracking Down on Botnets – Microsoft against Waledac

marco.riccardi — Thu, 25 Feb 2010 20:15:36 +0000

The takedown of the Waledac botnet that Microsoft executed this week – known internally as “Operation b49” – was the result of months of investigation and the innovative application of a tried and true legal strategy.

[..]

In a recent analysis, Microsoft found that between December 3-21, 2009, approximately 651 million spam emails attributable to Waledac were directed to Hotmail accounts alone, including offers and scams related to online pharmacies, imitation goods, jobs, penny stocks and more.

[..]

This action has quickly and effectively cut off traffic to Waledac at the “.com” or domain registry level, severing the connection between the command and control centers of the botnet and most of its thousands of zombie computers around the world.

via The Official Microsoft Blog – Cracking Down on Botnets.

Well done.

Zeus “in-the-cloud” – CA Security Advisor Research Blog

marco.riccardi — Thu, 10 Dec 2009 14:36:01 +0000

A new wave of a Zeus bot (Zbot) variant was spotted taking advantage of Amazon EC2’s cloud-based services for its C&C (command and control) functionalities.

via Zeus “in-the-cloud” – CA Security Advisor Research Blog.

[The Register] Bot herders hide master control channel in Google cloud

marco.riccardi — Sat, 21 Nov 2009 16:41:41 +0000

Cyber criminals' love affair with cloud computing just got steamier with the discovery that Google's AppEngine was tapped to act as the master control channel that feeds commands to large networks of infected computers.

The custom application was used to relay download commands to PCs that had already been infected and made part of a botnet, said Jose Nazario, the manager of security research at Arbor Networks. Google shut down the rogue app shortly after being notified of it.

via Bot herders hide master control channel in Google cloud • The Register.

Really interesting article about new botmaster techniques regarding botnet management, explained by Jose Nazario. The are some linked articles about using Facebook and Twitter for the same purpose.