Tuesday, March 3, 2009

Botnet Turfwar - Zeus Crimeware Kit Vulnerability

Botnet turfwars are nothing new. People have been hijacking other people's botnets for several years, even back in the IRC botnet days. You could easily grab a chunk of a competitor's botnet if you were able to get access to their IRC channel and, after determining the command set of the bots, issue an update command pointing at your own bot.

But with tools such as Zeus and Firepack, it may be even easier to grab a botnet, along with all of the stolen data its bots obtained before you jacked another guy's bots.

Dancho Danchev, in one post about a Zeus kit vulnerability and in another citing an example of how an actual bot master lost much of his botnet, explains how some of these new kits might open the floodgates to botnet-jacking activity.

Just as botnets take over thousands of machines running outdated OSes and software, competing bot masters are taking over thousands of bots on potentially hundreds of nets that run outdated command and control servers.

Although some people would wonder why an attacker would hack another attacker, it actually makes perfect sense. The malware business is exactly that, a business. Bot masters make real $$$ by spamming or stealing information with their bots. If you can jack another dude's 100k node botnet and double your own profits, why wouldn't you?

It will be interesting to see how this trend progresses. If a certain toolkit becomes more popular but is also poorly coded, it could lead to some very amusing battles :)


