14 April, 2009

"GhostNet" linked to the "Waledac" botnet

Conficker.C-infected computers have shown activity recently, according to security analysts and software/network engineers, so it seems the threat is not over...yet.

It's main activities (identified activities, that is), are:
  • downloading (malware from other botnets, mainly the spammer-botnet "Waledac", better known as the re-animated Storm DeadNet "Valentines e-mail spammer botnet")
  • linking (assumably to other malicious botnets)
  • communicating (assumably with it's creators).

It is also reported to flash rogue anti-viral software ads directed at users of these infected machines.

Darknet.co.uk had this article to explain (excerpt from article below):

“Fear is used, universally, as a means to control people,” said Sendio CTO Tal Golan. “Governments use it. Large businesses use it. So it should come as no surprise to anyone that ‘cyber-bad guys’ use it.”

At the moment, the rogue anti-virus software comes from sites located in the Ukraine (131-3.elaninet.com. although the worm is downloading it from other sites, according to Kaspersky Lab.

Hmm. No, not surprising at all if you ask me.

0 kommentarer :

Post a Comment