CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
May 5th, 2008

Educational And Military Networks Under Botnet attacks

Security researchers from BitDefender have recently discovered a complex spamming scheme that hijacks PCs in order to attempt to send junk mail via university and military systems. Researchers said the scheme, based on a backdoor called Edunet, was one of the most complicated they’ve come across.

The interesting thing about Edunet is that these mail servers are mostly in the .edu (educational) and .mil (military) domains. On these servers the botnet looks for open relays – a type of misconfiguration often used by spammers to disguise the real origins of the junk mail. While the list of targets has remained fixed, the botnet takes its commands from a list of servers that is constantly changing, making it difficult to pin down where the commands are coming from.

The scam starts with junk emails that offer links to videos. When a user clicks on the link he is prompted to download a “media player” – something that should in itself ring alarm bells, since most videos currently use players embedded in a web page or in the operating system itself. The “media player” download is in fact the Edunet backdoor, which creates a botnet used to attempt to send spam via a list of mail servers.

So far, the scheme doesn’t seem to have been very effective, since none of the targeted servers actually host open relays.

Share this item with others:

More on CyberInsecure:
  • Military US Base Systems In Afghanistan And Iraq Hit By A Virus, At Least One Classified Network Penetrated
  • Hacker Published Confidential Records Belonging To Six Million Chileans On The Internet
  • The Number Of Infected Machines In Botnets Quadrupled In Last 3 Months
  • Access To Hacked Government, Educational, Military Websites Sold On Underground Market
  • Storm Botnet Is Behind 20 Percent Of Internet Spam

    • Posted in Mass Web Attacks, Spam | Print This Post Print This Post

    This entry was posted on Monday, May 5th, 2008 at 4:12 am and is filed under Mass Web Attacks, Spam. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

    If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Educational And Military Networks Under Botnet attacks

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    *
    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.

    « «
    » »