
Botnets and IM Worms

Two news articles caught my attention this morning. The first is a set of interviews that deal with the botnet problem. Both Red Herring and CNN talked to Merrick Furst, a professor of computing and associate dean for undergraduate programs at Georgia Tech's College of Computing. The interviews are similar, but have some nice background material on bots and what's being done with them. You can read Q&A: Bot-Buster Merrick Furst from Red Herring, and Expert: Botnets No. 1 emerging Internet threat from CNN. I think that he's not too far off. The size of some botnets and the flexibility they afford attackers do make them a significant threat. And once they have penetrated an enterprise, they can be used to access systems arbitrarily, exposing documents to theft or destruction. Expect more botnet material in the coming days, and also read the Wormblog archives on botnets.

The second piece reads more like a press release from a company that has a vested interest in selling products to combat IM threats.

The worm, which was reported by FaceTime Communications, targets PCs that have been infected with the lockx.exe or palsp.exe viruses. It can use Internet Relay Chat-enabled malware to connect the client to a server and spread further. In one manifestation, the worm sends a message containing links to everyone on the infected client's buddy list. When the recipients click on the link, they become infected with new variants of the worm and they install creame.exe, which delivers multiple adware payloads.

Source: All the Rage: Worms Turn Against IM, in Security Pipeline, February 1, 2006.

I recall looking at this threat, and it's not as bad as it sounds. Almost all major AV companies picked up the bot software as a SpyBot (or related) variant, so it wasn't slipping under the radar, but it does show that IM is fast becoming a method to propagate malware, like email had become about 5 or 6 years ago. We've been tracking this particular angle of the threat, and you can browse the IM worm story archive here at Wormblog for some history.

February 1, 2006 in editorial, new trends | Permalink

Comments

The interesting thing about botnets is that they follow the trend of how malware is no longer about defacing websites or getting down servers. It is also about the ability to hold big enterprises at ransom by the ability to bring down their network completely or to get them involved in legal scenarios by using their networks in malicious activities.

Posted by: Proneet Biswas | Feb 14, 2006 3:31:13 AM
