contents

software
 
New Tool for Controlling Computers Infected with Bots Discovered

A detection of the LdPinch Trojan was the clue that led PandaLabs to discover a new server hosting a previously undiscovered tool for controlling botnets. This tool displays two screens. The first of these shows the number of computers controlled by the 'bot herder' in each area. The second, called 'Botnet controller', enables a series of actions to be taken on infected computers. These include downloading and running files or blocking access to URLs. It also allows the bot herder to upload files to an FTP site, before downloading them onto infected computers.

"This option means an attacker can download all types of malware onto computers. A version of the LdPinch Trojan, which steals confidential information, put us on the trail. When we were investigating the server to which stolen data was sent, we discovered that this computer also hosted this tool", explains Luis Corrons, technical director of PandaLabs. "In fact we suspect the Trojan was installed using this malicious application".

Bots are programs that are installed on computers to take a series of actions automatically: sending spam, downloading other malware, etc, turning compromised computers into 'zombies'. Normally, cyber-crooks try to infect as many computers as possible with bots to create botnets.

Botnets have become an important business model for criminals. There is even an underground market for renting botnets in order to send spam or other malicious activity.

In recent months, PandaLabs has discovered several tools for controlling botnets, such as Zunker. There are even bots with their own administration tool, such as Barracuda.A, which managed to infect more than 15,000 computers.



write your comments about the article :: 2007 Computing News :: home page