
Orphaned Bots Not Necessarily Free Or Clean







http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=212101163 

By Kelly Jackson Higgins
DarkReading
Nov 20, 2008

It has been a week since a half-million bot-infected machines were 
suddenly freed from their "master" botnet servers after ISPs pulled the 
plug on the illicit McColo hosting service. So now what happens to those 
orphaned bot machines?

Researchers have spotted these errant bots over the past week attempting 
to phone home to their former command and control (C&C) servers. While 
the industry continues to celebrate a nearly 70 percent nosedive (albeit 
temporary) in spam volume without McColo to host the world's biggest 
spamming botnets anymore, these orphaned bots are still at risk -- and 
possibly still spewing spam, security experts say.

"They are probably already infected with multiple things. You hardly 
ever find just one bot on these computers," says Joe Stewart, director 
of malware research for SecureWorks. "You may find three or four 
different spam bots on the same machine. And who knows what else -- 
password stealers and other rogue ware."

Many of these bots -- which were members of the world's most prolific 
spam botnets, Srizbi, Mega-D, and Rustock -- are likely still spamming 
away for other botnets, or even possibly other servers on the big three 
that weren't hosted on McColo, security experts say.

[...]

