That almost sounds like a sports headline, and with the NCAA basketball championship game being played tonight I guess it isn't completely unreasonable to have that tone. On to the details now...
A new botnet seems to be establishing itself on the Internet. Dubbed "Kraken," this one seems to be better at concealing, morphing and distributing itself than the Storm net that I wrote about late last year. At that time, security vendors were suggesting that the Storm had two million compromised computers in the net, though the current version of the story seems to suggest that the Storm has about 200,000 compromised systems under its control. The Kraken botnet, meanwhile, is reported to have 400,000 compromised machines and, in an extremely worrisome development, its codebase seems to be morphing rapidly, staying ahead of most security vendors' efforts to isolate and eradicate it.
"Kraken, despite being on all these people's computers, has such low anti-virus coverage," said Paul Royal, principal researcher at Atlanta-based Damballa. "Anti-virus companies can't keep up with the arms race because of the number of variants and the frequency of the updates."
In addition, the code inside the executable file that infects a PC has been arranged in a way that makes it hard for malware analysis tools to accurately disassemble the malicious program.
"It raises the question of whether this basically has been authored specifically with anti-virus evasion in mind," Royal added.
There also seems to be significant concern that the Kraken has spread into many corporate systems that are generally thought to be protected by more robust defenses, including IDS/IPS solutions. Those systems seem to be incapable of detecting or stopping the malware.
The malware is being used to send out spam from infected hosts, so if your network is appropriately protected against unauthorized outbound email sending, it might not be too big a deal. Still, this is further proof that the malware developers aren't giving up. Rather, they are trying harder, and incessantly trying to show that, in the words of Dark Helmet, "Evil will always triumph because good is dumb!"
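One way to check the outbound-email protection mentioned above is to look in firewall or flow logs for internal hosts that talk SMTP directly to the Internet instead of going through the mail relay. This is an added example, not part of the original post; the log format, relay address and threshold are assumptions, and the sample records are constructed.

```python
from collections import defaultdict

AUTHORIZED_RELAYS = {"10.0.0.25"}   # assumption: the only host allowed to send mail out
SMTP_PORT = 25
DISTINCT_DEST_THRESHOLD = 3         # assumption: tune to your environment

# Constructed sample records: "timestamp src_ip dst_ip dst_port action"
SAMPLE_FLOWS = """\
2008-04-07T10:00:01 10.0.0.25 198.51.100.10 25 ALLOW
2008-04-07T10:00:02 10.0.1.44 10.0.0.25 25 ALLOW
2008-04-07T10:00:03 10.0.1.44 198.51.100.11 25 DENY
2008-04-07T10:00:03 10.0.1.44 203.0.113.7 25 DENY
2008-04-07T10:00:04 10.0.1.44 192.0.2.90 25 ALLOW
2008-04-07T10:00:04 10.0.1.44 203.0.113.8 25 DENY
2008-04-07T10:00:05 10.0.1.77 198.51.100.11 25 DENY
2008-04-07T10:00:06 10.0.1.50 198.51.100.20 443 ALLOW
truncated line
"""

def parse_flows(text):
    """Yield (src, dst, port, action) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[3].isdigit():
            continue
        _, src, dst, port, action = parts
        yield src, dst, int(port), action.upper()

def find_direct_smtp_senders(text, relays=AUTHORIZED_RELAYS,
                             threshold=DISTINCT_DEST_THRESHOLD):
    """Report hosts that bypass the relay for SMTP, keyed by source IP."""
    dests = defaultdict(set)
    allowed = defaultdict(int)
    for src, dst, port, action in parse_flows(text):
        # Ignore non-SMTP traffic, the relay itself, and clients using the relay.
        if port != SMTP_PORT or src in relays or dst in relays:
            continue
        dests[src].add(dst)
        if action == "ALLOW":
            allowed[src] += 1   # the egress filter let this one through
    return {
        src: {
            "distinct_dests": len(d),
            "egress_gap": allowed[src] > 0,           # filtering is incomplete
            "likely_spam_bot": len(d) >= threshold,   # fan-out to many mail servers
        }
        for src, d in dests.items()
    }

if __name__ == "__main__":
    for host, finding in sorted(find_direct_smtp_senders(SAMPLE_FLOWS).items()):
        print(host, finding)
```

A host flagged with `egress_gap` shows the firewall rule is not catching everything; a host flagged with `likely_spam_bot` is worth pulling for investigation even if every connection was denied.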