PandaLabs Discovers DreamSystem 1.3 Malicious Tool

PandaLabs has uncovered DreamSystem, a system for controlling several variants of the DreamSocks family of bots. Version 1.3 of this tool, the latest known edition, is being sold on several online forums for around US$750. The price includes free updates to new versions.

The tool is made up of two applications. The first allows cyber-crooks to convert infected computers into a server, entering a URL into the bots, which they then have to contact to receive commands. The second part is the application that allows the criminals to transmit these orders and which has been found posted on several web servers indicating that there are several botnets currently being administered by this tool.

The bots controlled through DreamSystem let attackers turn infected systems into zombies and use them as servers. They also allow the bot herder to download and run all types of files, including other malicious code.

In the forums where this tool has been discovered, the tool is advocated for launching distributed denial of service attacks (DDoS) against Web servers. Bots in the DreamSocks family can be used for denial of service attacks using two protocols: HTTP and UDP.

"Cyber-crooks use these attacks to blackmail companies. They threaten to disrupt Web services –with the losses that this would entail- unless companies pay the ransom. The motive is clearly financial", confirms Luis Corrons, Technical Director of PandaLabs.

The techniques used to spread these bots vary. From systems that use exploits to infect users, such as Mpack, to sending spam containing the bot.

"The phenomenon of botnets is on the rise. In fact, in recent months, our labs have discovered several tools for controlling botnets, such as Zunker. We believe that criminals are not only using these for their own direct benefit, but that they are also being hired out to third parties and used for distributing Trojans or spamming", explains Corrons.

write your comments about the article :: © 2007 Computing News :: home page