Major botnet infiltrated

Share this article:

For the first time, a major botnet -- specifically, the insidious Kraken botnet -- has been beneficially infiltrated. And researchers have found a way to shut it down remotely.

Cody Pierce, security researcher at TippingPoint's DVLabs, told SCMagazineUS on Tuesday that “we set out to see how the bot communicates, see how it decides who to contact, and discover what kinds of commands it can execute. The idea was to see if it was possible to infiltrate these things and shut them down.”

The researchers found that the code can be arbitrarily downloaded and executed on zombie hosts. With that knowledge and a little legwork, they found that a measure of the number of infected machines could be estimated.

According to Pierce, “The bot generates dynamic DNS host names. Those names are registered and the ploy will listen for command and control information. We figured out that if we registered a couple of names that came up when a machine first reboots, we would have a good chance of hitting a lot of bots when they report in. From there we could gather statistics about how large the bot network was.”

The bot is not undefeatable. Pierce said, “We found that whoever was controlling the bot could make changes, so that the code could update itself on affected machines. By investigating and using this mechanism ourselves, we devised a way that the bots could be cleansed from the systems they were on.”

 

Share this article:

Sign up to our newsletters

More in News

Brazilian president signs internet 'Bill of Rights' into law

Brazilian president signs internet 'Bill of Rights' into ...

President Dilma Rousseff signed the legislation on Wednesday at the NetMundial conference in Sao Paulo.

Android trojan sends premium SMS messages, targets U.S. users for first time

Android trojan sends premium SMS messages, targets U.S. ...

An SMS trojan for Android, known as FakeInst, has been observed sending premium SMS messages to users all over the world, including, for the first time, the United States.

Report: DDoS up in Q4 2013, vulnerability scanners leveraged to exploit sites

Report: DDoS up in Q4 2013, vulnerability scanners ...

Researchers observed 346 DDoS attacks in the final quarter of 2013 and attackers used Vega and Skipfish vulnerability scanners to exploit web flaws at financial companies.