New Sophisticated Botnets Discovered

It seems like botnets are getting more sophisticated – we thought the Storm Worm was pretty hot, but some of these new contenders are showing the guys on the dark side has some advanced understanding of technology and the architecture many companies use…this enables them to get deeper inside and remain undetected

Researchers have unearthed two previously undetected botnets that exhibit sophisticated new capabilities that could significantly advance the dark art of cyber crime.

One of them, dubbed MayDay by security firm Damballa, uses new ways to send and receive instructions to infected machines. One communication method uses standard HTTP that is sent through an organization’s web proxy. That allows the malware to circumvent a common security measure employed by many large companies.

Indeed, Tripp Cox, vice president of engineering and operations at Damballa, says he’s observed MayDay running inside some of the world’s most elite organizations, including Fortune 50 companies, educational institutions and ISPs. (He declines to identify them by name.)

It seems like the numbers are nowhere near as high as Storm, but with this advanced technology it might be hard to count. This new worm spends a minimal time connected to the control channel to ensure it avoids detection.

Some big (and important) companies have fallen victim to this, so they could be getting hold of some seriously juicy info.

The botnet also uses two separate peer-to-peer technologies so zombies can stay in touch with each other, presumably as a back-up measure in case the central channel is disconnected. One protocol communicates using the internet control message protocol (ICMP) and the other uses the transmission control protocol. The ICMP traffic is obfuscated so it’s indecipherable to the human eye. Damballa researchers are still working to figure out exactly what kind of information is being transported over the channel.

Up until now, the zombie army popularly known as Storm has been the 800-pound gorilla of the botnet underground. Having recently marked it’s one-year birthday, it is believed to comprise about 85,000 infected machines. It was responsible for about 20 percent of the world’s spam over the past six months, according to MessageLabs, which provides email and web filtering services to more than 16,000 business customers.

I would guess however the aim of these newer more sophisticated botnets is not for spamming, they should have something more nefarious in mind. Perhaps extortion, insider trading or even terrorism.

Who knows?

Source: The Register

Posted in: Malware, Spammers & Scammers

, , , , , , , , , ,

Latest Posts:

Socialscan - Command-Line Tool To Check For Email And Social Media Username Usage Socialscan – Command-Line Tool To Check For Email And Social Media Username Usage
socialscan is an accurate command-line tool to check For email and social media username usage on online platforms, given an email address or username,
CFRipper - CloudFormation Security Scanning & Audit Tool CFRipper – CloudFormation Security Scanning & Audit Tool
CFRipper is a Python-based Library and CLI security analyzer that functions as an AWS CloudFormation security scanning and audit tool
CredNinja - Test Credential Validity of Dumped Credentials or Hashes CredNinja – Test Credential Validity of Dumped Credentials or Hashes
CredNinja is a tool to quickly test credential validity of dumped credentials (or hashes) across an entire network or domain very efficiently.
assetfinder - Find Related Domains and Subdomains assetfinder – Find Related Domains and Subdomains
assetfinder is a Go-based tool to find related domains and subdomains that are related to a given domain from a variety of sources including Facebook and more.
Karkinos - Beginner Friendly Penetration Testing Tool Karkinos – Beginner Friendly Penetration Testing Tool
Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a 'Swiss Army Knife' for pen-testing and/or hacking CTF's.
Aclpwn.Py - Exploit ACL Based Privilege Escalation Paths in Active Directory Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.

19 Responses to New Sophisticated Botnets Discovered

  1. Ian Kemmish March 3, 2008 at 7:32 am #

    One “different” use I’ve seen for botnets over the past year is the posting of huge numbers (tens of thousands) of fake profiles on social sites. They’ve been honing their art on a Russian social site I frequent. Couple that with’s chatty robot, that allegedly is very good at persuading people to hand over sensitive information, translate the whole lot into English, and you could have a very profitable network that requires minimal human intervention to phish for large amounts of money.

  2. James C March 3, 2008 at 10:02 am #

    People in anti-v industry the aren’t that impressed

  3. zupakomputer March 3, 2008 at 6:44 pm #

    I have to agree with the article comments: spam-mails just don’t seem potentially that profitable an enterprise to be able to employ people with such advanced skills to write the code and monitor it securely and so forth.

    Not that I care anyway; I’ve just been through about the worst interview of my life (I was asked to apply, hence why I’m so fucking angry) there with a ‘normal’ company and frankly I’d be very happy to join in with anything that wiped their kind out entirely or used their rotting carcass corporations for other means.

  4. ZaD MoFo March 3, 2008 at 6:49 pm #

    A Botnet need a tiny breach to enter – Maybe the friend of your friend is not who you might expect.

    n-phase attack by congruence of data seems more the common tactic nowaday. Firewalls and proxys, being the first line of defence, cant stand against a mole that silently gather data and send to the BotMaster, digest of one’s system. Exploitation of social network data, and the technique of using a familiar face – contact, to gain access is on the rise. Have you received an email by someone of your social network that had a “mispeled@myfriend” VS. mispelled@myfriend id. ?

  5. Pantagruel March 3, 2008 at 8:30 pm #

    @ZaD MoFo

    True, in the ‘past’ botnet expansion relied on distributing your trojaned app, keygen/cracks and alikes (the bot herders all know what we want) where very popular.
    People now know about this and tend to look for such stuff from a ‘known’ source or atleast scan it with several AV packages. The problem is that this source can sometimes be a friend of a friend (actually someone unknown to you) whom is no friend at all but just some bot which, like Ian Kemmish already mentioned, has gather info from assorted social sites (facebook,hyves,whatever) and is putting his/her money on the fact that you will want some sweet software for little or no cost at all. The human in the equation can sometimes be quite gullible or just to eager to accept a slight variation to a theme as being good enough. Zad MoFo has a point there with the typo’s people brians tend to correct without properly thinking about it.

  6. Bogwitch March 3, 2008 at 9:59 pm #

    Sounds like you’ve had a bad day today!
    I’m getting pissed off with job hunting myself but I’m not event getting to interview – I recon my CV must be abysmal so I’ve just added two pages to it listing key achievements and technical experience: I noticed it was missing! Maybe that’s why I was getting knocked back!

  7. eM3rC March 4, 2008 at 3:15 am #

    Botnets have really come a long way over the last coupe of months. It seems like the Russians (botnet masters I believe) are honing their skills. I wonder what the next gen bot will be not that they dont directly connect to the host.

    Good luck Pantagruel! Hope you win the posting competition this month!

  8. Pantagruel March 4, 2008 at 10:41 am #

    Thanks eM3rC! you really spammed ;) us with your remarks

  9. zupakomputer March 4, 2008 at 1:53 pm #

    I’ll start doing this @ thingy:


    It wasn’t just me….this techie helpdesk place asked our college for students doing techie courses to come and hear about job positions, they talked it all up (it actually sounded pretty good) – and to cut a long story short the subsequent phone interviews bore no relation to a damn thing we were told.
    It’s the usual – you get knocked back by interviewers that aren’t even as qualified as you are. I’ve had it happen a lot, this kind of rubbish – and it’s always for low-level jobs.
    They say, so they do, that’s there’s tonnes of jobs in IT……I’ve yet to find even one I can apply for.

    I have to say I find this world gets increasingly more like the ‘matrix’ with each passing day, and I really feel like the bots that need to be worried about are already masquerading as people, offline.
    It used to be there’d be real people to talk to at an interview and the like….

    @eM3rC: btw congrats on your post wins for last month! I imagine the goods will be online for only a short time for download, and you must use a special one-time key to get access [insert smiley here, looking in first one difection, then the other]…

  10. eM3rC March 4, 2008 at 11:21 pm #

    Remember Pantagruel, there were many, but they were insightful ;)

    Good luck to you as well!

    Pantagruel has been deserving of the award for top commenter for a while now so I had to give him kudos because it.

    Anywho, There have been a lot of comments about people becoming more and more machine like. I beg to differ and say we are becoming more and more dependent on electronics. There was an article (in Wired I believe) about how people are relying on computers to remember everything for them and without them would be left without any form of communication, entertainment, or other vital information like phone numbers, addresses and such.

    Just a slight digression for this part. What do you think of AI. I personally don’t mind machines that are somewhat smart, but anything that can learn and potentially become more intelligent than a human kind of scares me. The book Prey is an excellent example of this (one of my favorites, recommended read!), as pretty much half the sci-fi movies ever made (Matrix, I Robot, AI, etc).

    In conclusion, thank you zupakomputer for the props and I know you will win sometime soon (this month or next month so good luck with that). Good luck Pantagruel, you are deserving of the award because of your constant community support.

    Keep the discussions going!

  11. Pantagruel March 5, 2008 at 11:49 am #

    True, i bow down ;) I seem to be getting close, but not close enough.

    Absolutely true, we have become so dependent that for the most trivial tasks we need either a calculator or a computer (the past few batches of students are not able to perform basic calculus).

    I have to admit I’m guilty as well, I have become dependent on my pda which acts as agenda/notebook/etc. I got more than frantic when it stopped working (it would not accept input anymore), but was able to sync all data from it. You don’t get this kinda behavior from a blocknote and a pencil.

  12. zupakomputer March 5, 2008 at 5:31 pm #

    re: the comments – indeed, I am just new here, they’ll be other folks in line for comments prizes that have been commenting for ages!

    On AI – it depends…..I’m not worried so much about computers outperforming people, which they do already in certain areas anyway (anything that involves maths, or that can be expressed in numbers and operands – with the exception of creating new formulas and the like) – but they only do so because a human has designed the hw and the sw that runs on it,

    so I’d tend to agree that it’s more about becoming more dependant upon electronics and machines. I reckon the best way to run a country / world (in terms of economics and related) is to have a structure that works even in the event of no or little power sources, that doesn’t rely on machines, and then build the machine part on top of that.
    But sadly, the spectre of past world wipeout disasters and the possible return of having to figure out how to start a fire that followed it
    (refering to all those ancient sites around the world that are in ruins, and how half or more of them we still couldn’t build today anywhere near as well – a bit on the Atlantis side of things but what the hell), doesn’t seem to sink into the folks that get to build the basis of what everyone else in the world relies on existing to get on with their everyday lives;

    if only society as a whole – the techy side of it – was backed-up the same way that most data is. They just don’t learn, ever.

    This is something I’ve long noticed was the case, but some years ago it became all the more obvious just how serious a problem it is – we here in the UK had a fuel shortage for a day – one day was all it took for enough people to panic so much, that almost every shop was then empty of the basics for everyday life survival, and because there was no fuel there were no deliveries able to be made.

    Now, if we had a sane thought-out infrastructure that couldn’t happen – because we’d be self-sufficient on the basics such as food anyway, water delivery wouldn’t be controlled by machines, homes would have their power generated on site or nearby and directly (by renewables etc), compost toilets would be used instead of sewage systems, and well the point being – even if everything mechanical and electrical failed, the basics would be unaffected.

    But they never designed it properly to begin with. It holds true for probably most other countries too these days. Sad sad state of affairs.

    I really do think that had the industrial revolution happened properly, we’d have lunar colonies and the like already that we’d use for mining purposes and as bases to launch other missions for mining and related pursuits. I don’t mean other planets and moons exist just to be used by us – but it’s a whole lot better to take some raw materials from a minerals-only planet than it is to destroy the unique biodiversity this one has.

    I’m not impressed with how things are run here, at all.

  13. Pantagruel March 5, 2008 at 10:13 pm #

    Some say the biggest disaster to strike contemporary man would be a large scale power outage. It’s sound silly but being a village chap I know how to milk a cow (my big city neighbour only knows milk in plastic containers)

    The best way to realise that you can do without all this high tech junk is to go on vacation somewhere remote and get your hands into the dirt.
    (we do have electricity there, but running water only if you use the pump, chop wood at +30 celsius for cooking (and sauna)). Yes I miss the internet/pc/mobile phone etc, but only for about two days. The landscape, simple live and fun with the kids makes up for those small discomforts. Damn I need a holiday!

  14. eM3rC March 6, 2008 at 4:56 am #

    Totally with you Pantagruel on the dependency on all the things we take for granted now-a-days. Many of my friends think I’m crazy about being cautious about AI and the such but heres a few random points I wanted to add to my post.

    First, although “smart” robots might be harmless with the hw/sw they are equipped with there’s two factors that might have been overlooked. The US government will do whatever it can to have the biggest and baddest weapons. One of these might just be a virus that could transfer between these robots (odds are they will have some kind of internal bluetooth/wireless internet connection), or some kind of robot army. Call me crazy, I don’t care. Just watch what might happen in about 50 years…

    The second and even greater digression is zombies. Yes, zombies. After thinking about this topic for a little while the next worse thing I could think of is some kind of zombie outbreak. Movies like 28 Days Later and Shawn of the Dead make it seem like a very easy thing that could happen. Anywho, I just finished reading a 250 page zombie survival manual and found it both entertaining and insightful into human reactions when faced with terrifying situations/low resources. If there was some large power outage/earth reaches it carrying capacity/etc odds are factions would emerge and chaos would probably ensure, although the extent might vary.

    I know that was a very random digression but it was something I would like to add.

  15. zupakomputer March 6, 2008 at 2:24 pm #

    In total agreement there Pantagruel – I’m also lucky to have spent time existing without so called mod-cons, in fact prior to going into studying networks I did things like organic horticulture.

    @eM3rC – that’s a good point, and one I’d forgotten about – there already are a lot of developments and deployments of extremely hi-tech military AI, and related cyborg type of technologies. Some that spring to mind – a lot of biomechanical suits, pre-programmed drones, and even things like bacteria bioengineered to eat electronic parts and plastics; these things already exist to varying degrees.

    Which is all clearly going completely the wrong way, because these things are created only to destroy – it’s as if none of the people involved in making these things ever watch films like Robocop or T2 and listen to what’s being said….

    I was, in the previous comment, thinking of AI more in terms of thinking and reasoning ability; that side of it I do have faith in as proper intelligence will always see the futility of certain ways of doing things, which our leaders currently aren’t forward-thinking enough to realise. I don’t think it necessarily will be cold and given to doing things like grouping people utilitarian-like; but again – it depends on who programs them and for what. There’s certainly plenty of human-zombies that already mindlessly perform tasks unthinkingly, as this modern culture has largely succeeded in getting people to not think about life’s big questions – things like philosophy are seen more as bad career choices.

    I think if anyone manages to somehow design circuits and program sw that gives free-will thinking, gives the machine enough knowledge in memory and the ability to learn more, and also somehow manages to program for understanding, then that’s the true definition of AI – rather than say just building something that is able to self-repair and is programmed to survive above all else.

    I think only a real person (not an unthinking zombie-slave) would even think in terms of how to develop a hardware and software that allows for freedom of choice; it’s not something that people really understand about themselves, and aside from traditional and spiritual explanations, current thinking is very cold and emotionless in its explanations of why people make the decisions they do. Those kinds of understandings are all stuck in behaviouralist interpretations – so they’ve already reduced the human to a non-thinking machine that merely acts according to random outside stimulus.
    I think a real AI will see through that too, and know it’s wrong. If it has free-will decision making.

    Just to digress further – I’ve long been interested in technologies that research more subtle energies (long before seeing Ghostbusters, lol), and there’s been even some major films recently that cover the areas of EVP and ITC – that’s another reason I think that a true AI is going to be able to know for a fact that there’s all kinds of realities that current human society just ignores mostly or likes to pretend are unimportant or don’t exist. The machines can already see it, record it, interact with it. If they got self-aware, they’d look at us and wonder how can they be created by something that is blind to what they can plainly see.
    An example of one of those (what some term ‘right brain electronics’) would be radionics, and related things like dowsing. The equipment used in EVP and ITC is the usual kind of electronics as well as the very different kind.
    Then there’s areas like with Kirlian photography, which uses regular high-voltage electronics but produces images of subtle energies that most science has yet to describe and investigate – at least in the west anyway.
    (In Russia they have been into this kind of research for ages, and in China also they’ve done a lot of research into psychic technologies – not suprising given that they know things like acupuncture and geomancy work; also their online English-language newspapers are often full of the kinds of reports that don’t tend to make the news here.)

    As to zombies – don’t get me started! Another of my pet-hates is how our culture wastes so many trees, all to bury people in the worst possible way imaginable. The only light at the end of that tunnel would be in the area of funerals where people deliberately use biodegradable coffins.
    Seriously, the manner in which our culture does burials is based entirely upon the idea of reanimating corpses later! or digging them up for some other purpose. Why else are they interested in preserving dead bodies, instead of them going back into the ground as organic matter should (or be cremated or something else natural).
    Mind you, people here are so insane that even many cremations buy a whole tree’s worth of casket – just to incinerate it. Then half the ashes anyway aren’t even the persons body.

  16. J. Lion March 6, 2008 at 3:00 pm #

    @zupakomputer & Bogwitch
    For Job hunting ever tried It’s kinda like though with features of Social Networking sites.

  17. J. Lion March 6, 2008 at 3:15 pm #


    Wow – I never milked a cow! I’m not sure if I can survive in a farm.

  18. Pantagruel March 6, 2008 at 7:40 pm #


    Work at a farm is tough by very rewarding, I will not elaborate since we are drifting away from the actuall botnet subject (apart from the herding bit that is).

  19. Billy March 13, 2008 at 3:10 pm #

    hmm. knowledge is increasing. need to step up to linux