Daily cyber threats and internet security news: network security, online safety and latest security alerts
April 7th, 2008

400000 Infected Machines In New Growing Botnet

Researchers have uncovered what they say is the biggest botnet ever. It includes over 400,000 infected machines, more than twice the size of Storm, which was previously believed to be the largest zombie network.

“Kraken” is the botnet that security firm Damballa has been tracking for the last few weeks. So far, only about 20 percent of the anti-virus products out there are detecting the malware. Kraken’s ability to morph its code base has allowed it to evade the majority of malware detectors.

Kraken, despite being present on so many computers, has low anti-virus coverage. It seems anti-virus companies can’t keep up with the arms race because of the number of variants and the frequency of updates. The code inside the executable that infects a PC has been arranged in a way that makes it hard for malware analysis tools to disassemble the program accurately. This raises the question of whether it was authored specifically with anti-virus evasion in mind.

Kraken most likely spreads by tricking end users into clicking on a malicious file that’s disguised as an image. When it’s executed, the program automatically copies itself to the hard drive in a slightly altered format. In the event AV programs are eventually able to recognize the original file, Kraken can use the altered file to reinfect the machine. Moreover, zombie machines regularly update themselves as an additional measure to prevent detection.
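The "disguised as an image" lure described above is something a mail gateway or endpoint agent can check for directly: an attachment whose name claims to be an image but whose content starts with a Windows PE header, or a double extension such as `.jpg.exe`. The following is an added defensive example, not code from the original article or from Damballa; the attachment names and byte strings are constructed samples, and the magic-number table covers only a handful of common formats.

```python
# Added example: flag attachments whose name claims an image but whose
# content (or suffix) says "executable". Not from the original article.

# Constructed sample attachments: (filename, leading bytes of the body).
# PNG/JPEG/PDF headers are the real magic numbers; "MZ" is the PE header.
SAMPLE_ATTACHMENTS = [
    ("vacation.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 8),
    ("beach.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 8),
    ("photo.jpg.exe", b"MZ\x90\x00" + b"\x00" * 8),  # double extension
    ("holiday.jpg", b"MZ\x90\x00" + b"\x00" * 8),    # image name, PE body
    ("report.pdf", b"%PDF-1.4" + b"\x00" * 8),
]

IMAGE_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "bmp"}
EXECUTABLE_EXTENSIONS = {"exe", "scr", "pif", "com", "bat", "cmd"}

# Leading bytes -> content kind. Order matters only for overlapping prefixes.
MAGIC = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpeg",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
    b"%PDF": "pdf",
    b"MZ": "pe",
}


def sniff_type(data: bytes) -> str:
    """Identify the content kind from its leading bytes, ignoring the name."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def classify_attachment(filename: str, data: bytes) -> list:
    """Return the reasons (possibly none) this attachment looks disguised."""
    reasons = []
    parts = filename.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    inner = parts[-2] if len(parts) > 2 else ""
    kind = sniff_type(data)

    # Rule 1: "photo.jpg.exe" style double extension.
    if ext in EXECUTABLE_EXTENSIONS and inner in IMAGE_EXTENSIONS:
        reasons.append("double extension: image name with executable suffix")

    # Rule 2: the body is a PE executable but the name does not admit it.
    if kind == "pe" and ext not in EXECUTABLE_EXTENSIONS:
        reasons.append("content is a PE executable but the name claims otherwise")

    return reasons


def scan_attachments(attachments) -> dict:
    """Map each suspicious filename to the list of reasons it was flagged."""
    flagged = {}
    for name, data in attachments:
        reasons = classify_attachment(name, data)
        if reasons:
            flagged[name] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in scan_attachments(SAMPLE_ATTACHMENTS).items():
        print(f"{name}: {'; '.join(reasons)}")
```

The content check matters more than the name check: a renamed executable keeps its `MZ` header no matter how the lure is labelled, so a gateway that only inspects extensions will miss it.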

Kraken’s primary activity is sending spam that advertises high-interest loans, male-enhancement techniques, fake designer watches and gambling opportunities. Damballa has observed as many as 500,000 pieces of junk mail being sent from a single zombie.

Estimates have varied wildly for the number of bots belonging to the Storm network. While some researchers have said millions of machines have been compromised, MessageLabs in February put the number of nodes at just 85,000. Whatever the number – Damballa estimates Storm has 200,000 victims – it was believed to be the biggest. It has clearly been eclipsed by Kraken, which on March 25 was observed to have compromised 409,912 unique IP addresses during a 24-hour period. The number is predicted to grow to more than 600,000 in the next two weeks. This infection is evading the canonical defense techniques that enterprises use, such as intrusion detection systems and intrusion prevention systems. It should be caught by IDSes, IPSes and firewalls, but it’s not.
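A spam bot pushing hundreds of thousands of messages from one workstation leaves an obvious trace at the network edge: direct outbound connections to tcp/25 from a host that is not the organisation's mail relay. The script below is an added example of that egress check, not code from the article; it builds a constructed firewall log (the line format and IP addresses are assumptions) and reports non-relay hosts that opened SMTP connections, so that the same logic can be pointed at real allow-logs.

```python
# Added example: spot workstations talking SMTP directly to the internet.
# The log format and addresses are constructed, not from the original article.
import re
from collections import Counter

# Assumed firewall allow-log line: "<ts> ALLOW TCP <src>:<sport> -> <dst>:<dport>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) ALLOW TCP (?P<src>\d+\.\d+\.\d+\.\d+):\d+ -> "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+)$"
)

# The only hosts that should be sending mail directly (assumed relay address).
MAIL_RELAYS = {"10.0.0.5"}


def build_sample_log() -> list:
    """Constructed log: a relay, a noisy workstation, and a quiet one."""
    lines = []
    for i in range(300):   # legitimate relay traffic
        lines.append(f"2008-03-25T10:{i % 60:02d}:00 ALLOW TCP 10.0.0.5:{40000 + i} -> 203.0.113.{i % 250 + 1}:25")
    for i in range(120):   # workstation blasting mail to many destinations
        lines.append(f"2008-03-25T10:{i % 60:02d}:30 ALLOW TCP 10.0.0.12:{50000 + i} -> 198.51.100.{i % 250 + 1}:25")
    for i in range(2):     # workstation with a couple of stray SMTP connections
        lines.append(f"2008-03-25T10:0{i}:45 ALLOW TCP 10.0.0.40:{51000 + i} -> 192.0.2.{i + 1}:25")
    lines.append("2008-03-25T10:05:00 ALLOW TCP 10.0.0.12:52000 -> 192.0.2.10:443")  # web, ignored
    lines.append("garbage line that does not parse")
    return lines


def count_smtp_by_source(lines) -> Counter:
    """Count outbound tcp/25 connections per internal source address."""
    counts = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m and m.group("dport") == "25":
            counts[m.group("src")] += 1
    return counts


def find_smtp_offenders(lines, relays=MAIL_RELAYS, threshold=1) -> dict:
    """Non-relay hosts with at least `threshold` direct SMTP connections."""
    counts = count_smtp_by_source(lines)
    return {src: n for src, n in counts.items()
            if src not in relays and n >= threshold}


if __name__ == "__main__":
    log = build_sample_log()
    for src, n in sorted(find_smtp_offenders(log).items(), key=lambda kv: -kv[1]):
        print(f"{src}: {n} direct SMTP connections (not an approved relay)")
```

With `threshold=1` any workstation speaking SMTP directly is reported, which is the right policy where a relay is mandatory; raising the threshold turns the same function into a volume alarm for environments that cannot enforce that rule.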
