Tag Archive for botnet

Conficker Virus Begins To Attack PCs

I was reading about the Conficker virus on Shawn’s Technology Blog. He says that a report from Reuters says the Conficker virus — which was supposed to activate on April 1st — has slowly started activating on computers by installing spyware and turning them into spam servers.

Conficker is also known as Downadup and Kido, and it also installs a second virus called Waledac.

Reuters mentions how the computer worm began spreading late last year, and how it was designed to respond to commands from a remote server. This army of slave computers, infected with the worm and controlled by a remote server, is called a botnet.

Furthermore, Vincent Weafer, a vice president with Symantec Security Response, makers of Norton Antivirus, has reported that recently the unknown controllers of this remote server have begun using a small percentage of the computers they control to upload ‘malware’ and ‘spyware’. One such piece of malware is the Waledac virus, which installs itself on the infected computer and then uses the computer to send out spam email messages promoting a fake anti-spyware program.

Meanwhile, Shawn’s Technology Blog is very wisely recommending that computer owners keep their Windows software up to date by visiting the Windows Update web site. He also recommends you install anti-spyware software such as PC Tools Spyware Doctor. I strongly agree with his recommendations, and have done so frequently in this blog. I also recommend you install an antivirus program such as Alwil’s free Avast! antivirus program. Yes, you read that correctly, Avast antivirus is free. I have been using it on all my computers for several years now.

http://www.pctools.com/free-antivirus/

There is a free version of Spyware Doctor available from Google which does a good job of removing spyware, but for real time protection against spyware you should purchase Spyware Doctor. If you don’t have an antivirus program, you might also consider downloading Spyware Doctor with AntiVirus.

Have a question about spyware or viruses? Then why not post a Comment or Question with the link below.

Keep up-to-date with Skylarking: By Email or RSS Newsfeed or on Twitter. You can also send questions with Skylarking’s email form.


33 percent of all spam ended yesterday

Sort of….

The FTC (Federal Trade Commission) won a preliminary legal victory against the world’s largest spam gang by persuading a Chicago Federal court to freeze the gang’s assets and to order their spam network shut down.

The spam gang, known by spamfighting agencies as HerbalKing, had a network of 35,000 computers which could send out 10 billion spam messages a day. Many of these computers were owned by people who didn’t know their computers had been remotely commandeered to send email on behalf of the spammers. The network had ties in the United States, China, India, New Zealand, and Australia. The network was referred to as the “Mega-D Botnet”.

If you’re unfamiliar with the term “botnet”, here’s an explanation from SearchSecurity.com:

A botnet (also known as a zombie army) is a number of Internet computers that, although their owners are unaware of it, have been set up to forward transmissions (including spam or viruses) to other computers on the Internet. Any such computer is referred to as a zombie – in effect, a computer “robot” or “bot” that serves the wishes of some master spam or virus originator. Most computers compromised in this way are home-based. According to a report from Russian-based Kaspersky Labs, botnets — not spam, viruses, or worms — currently pose the biggest threat to the Internet. A report from Symantec came to a similar conclusion.

The network was purportedly responsible for a third of all spam at one point, and had been collecting $400,000 in Visa charges in one month.

The spammers had been sending messages hawking various pharmaceuticals and male-enhancement drugs. The charges brought against them go beyond spamming counts; they also include making false claims about their product, selling pharmaceuticals without a prescription or doctor’s instructions, and selling drugs from countries such as India which aren’t regulated or approved for sale in the US. Many of the drugs being sold had harmful side effects.

The FTC’s investigation against this organization had been ongoing for over 2 years.

Here’s a bio about HerbalKing from the Spamhaus spamfighting organization:

HerbalKing is a massive affiliate style spam program for snakeoil Body Part Enhancement scams (penis enlargement). It has also done spam campaigns for replica luxury goods, pharma (counterfeit pills) and porn. Spam arrives via botnets with spamvertised sites on “bulletproof” hosting offshore, particularly in China. The group also uses fast-flux hosting, running sites on hacked botnet PCs.

HerbalKing, with connections to India (possibly due to pharmaceutical supplies), rivals the traditional Eastern European spam gangs for volume and criminal botnet methods of its spam. “Tulip Labs” appears to be the source of HerbalKing’s herbal remedy products. The main operation may be run out of New Zealand or Australia by long-time spamming brothers Lance & Shane Atkinson. (see: http://www.geekzone.co.nz/juha/2237 )

There are hundreds of SBL listings related to HerbalKing but some may not be linked to this ROKSO due to the tremendous number of identities and domains used by the program. Lists of domains should be considered examples of that abuse of domain name space, not comprehensive lists of their registrations.

Read more at the FTC’s web site; the NY Times; and the Ars Technica web site.
