
TeMerc

join:2004-01-22
Phoenix, AZ

 IM Rootkit Tracked To Mid East Group

The Rootkit powered Botnet

Paperghost wrote:
"The great internet shakedown has begun, and to coin a phrase, it's clobberin' time."

Yet consider what our team has been able to ferret out lately -

A rather nasty IM virus tracked, jacked and nailed like a punk.

The "fake" Google Toolbar, traced back to IM and also tracked right back to 2003.

The notorious IM Rootkit, so hot they covered it twice in two days on Slashdot. Ye Gods.

And, after further investigation on the AIM rootkit story, we are fairly confident we have located the group behind this thing and have turned the information over to the FBI and other federal agencies.

What is scary here, is the potential for mass damage that we have seen through monitoring this group (based in the Middle East) nearly 24/7. They are slowly but surely building one of those huge botnets we all know and love, spread across the globe and it seems the lockx rootkit was simply the beach-head - the first wave. Naturally, we can only speculate and often researchers have to do just that - a good researcher knows their enemy, and follows a hunch when little evidence is on the table.

They spread the lockx rootkit via IM, hidden in with a big pile of advertising software. As I predicted at the time, the Adware stuff was likely just a decoy, to distract from the rootkit that came in the package.

Over 17,000 users were found to be compromised on a single server, and we found lots of those worldwide.

We spread all new kinds of malware, self-extracting zipfiles, altered file-names, modified infections ripped from other sources of distribution.....and this stuff does all of the below and then some:

Can steal your browser auto-complete data which may leak confidential personal information

Gain access to Microsoft Outlook Express

Open browsers to launch a denial of service attack, and/or

Download additional malicious applications

As you can see, the scale and ambition of this one is truly frightening. It also does not bode well if you subscribe to the “Porterism” kind of future. A mass of Botnets can wreak havoc on a world that is networked like never before - banks, emergency services, vital communications - you get the picture.

For more information on what to expect from this thing, check out the official FaceTime press release here:
»facetime.com/pr/pr051117.aspx

Stay frosty, kids.


Full Read @ VitalSecurity.org
»www.vitalsecurity.org/2005/11/ro···net.html