Educational and Military Networks Under Botnet Attacks
Security researchers from BitDefender have recently discovered a complex spamming scheme that hijacks PCs and uses them to attempt to send junk mail via university and military systems. Researchers said the scheme, based on a backdoor called Edunet, was one of the most complicated they’ve come across.
The interesting thing about Edunet is that the mail servers it targets are mostly in the .edu (educational) and .mil (military) domains. On these servers the botnet looks for open relays – a type of misconfiguration often used by spammers to disguise the real origins of the junk mail. While the list of targets has remained fixed, the botnet takes its commands from a list of servers that is constantly changing, making it difficult to pin down where the commands are coming from.
The scam starts with junk emails that offer links to videos. When a user clicks on the link he is prompted to download a “media player” – something that should in itself ring alarm bells, since most videos currently use players embedded in a web page or in the operating system itself. The “media player” download is in fact the Edunet backdoor, which creates a botnet used to attempt to send spam via a list of mail servers.
So far, the scheme doesn’t seem to have been very effective, since none of the targeted servers actually host open relays.
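A server that is not an open relay refuses these attempts, and the refusals show up in its mail log. The sketch below is an added example, not code from BitDefender or the original article: it assumes Postfix-style smtpd log lines, and the sample lines, addresses and `min_sources` threshold are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in Postfix smtpd log format (not real traffic).
SAMPLE_LOG = """\
Jan 12 03:14:01 mx1 postfix/smtpd[2101]: connect from unknown[203.0.113.5]
Jan 12 03:14:02 mx1 postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 <a@example.net>: Relay access denied; from=<x@example.org> to=<a@example.net> proto=SMTP helo=<pc1>
Jan 12 03:14:03 mx1 postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 <b@example.com>: Relay access denied; from=<x@example.org> to=<b@example.com> proto=SMTP helo=<pc1>
Jan 12 03:14:07 mx1 postfix/smtpd[2102]: NOQUEUE: reject: RCPT from unknown[198.51.100.23]: 554 5.7.1 <c@example.net>: Relay access denied; from=<y@example.org> to=<c@example.net> proto=SMTP helo=<pc2>
Jan 12 03:14:09 mx1 postfix/smtpd[2103]: NOQUEUE: reject: RCPT from unknown[192.0.2.9]: 554 5.7.1 <d@example.com>: Relay access denied; from=<z@example.org> to=<d@example.com> proto=SMTP helo=<pc3>
Jan 12 03:14:11 mx1 postfix/smtpd[2104]: NOQUEUE: reject: RCPT from unknown[192.0.2.77]: 550 5.1.1 <nobody@campus.example>: Recipient address rejected: User unknown in local recipient table; from=<w@example.org> to=<nobody@campus.example> proto=SMTP helo=<pc4>
"""

# Only refusals caused by a relay attempt; other reject reasons are ignored.
RELAY_DENIED = re.compile(
    r"reject: RCPT from \S+?\[(?P<ip>[0-9A-Fa-f.:]+)\]: \d{3} [\d.]+ "
    r"<(?P<rcpt>[^>]*)>: Relay access denied"
)

def relay_probes(log_text):
    """Return (attempts per client IP, external recipient domains per client IP)."""
    attempts, domains = Counter(), defaultdict(set)
    for line in log_text.splitlines():
        m = RELAY_DENIED.search(line)
        if m:
            attempts[m["ip"]] += 1
            domains[m["ip"]].add(m["rcpt"].rpartition("@")[2].lower())
    return attempts, domains

def is_distributed_probe(log_text, min_sources=3):
    """Many distinct clients each trying to relay suggests botnet probing.
    min_sources is an assumed threshold; tune it to the server's normal noise."""
    attempts, _ = relay_probes(log_text)
    return len(attempts) >= min_sources

if __name__ == "__main__":
    attempts, domains = relay_probes(SAMPLE_LOG)
    for ip, n in attempts.most_common():
        print(f"{ip}: {n} relay attempt(s) toward {sorted(domains[ip])}")
    print("distributed probing:", is_distributed_probe(SAMPLE_LOG))
```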