AOH :: ISNQ5600.HTM

Botnet attacks military systems




Botnet attacks military systems
Botnet attacks military systems



  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

--1457021584-1559892655-1209973484=:4128
Content-Type: TEXT/PLAIN; CHARSET=UTF-8
Content-Transfer-Encoding: QUOTED-PRINTABLE
Content-ID:  

http://www.techworld.com/security/news/index.cfm?newsID=12148 

By Matthew Broersma
Techworld
02 May 2008

Security researchers have discovered a complex spamming scheme that 
hijacks users' PCs in order to attempt to send junk mail via university 
and military systems.

Researchers at Romania-based BitDefender said the scheme, based on a 
backdoor called Edunet, was one of the most complicated and mysterious 
they've come across.

"It's not every day that you stumble on the workings of an honest-to-God 
hacking ring, let alone one that has a predilection for using military 
and university-run mail servers as spam relays,=E2=80=9D said Sorin Dudea, 
BitDefender's head of anti-virus research, in a statement.

The scam starts with junk emails that offer links to videos. When a user 
clicks on the link he is prompted to download a "media player" - 
something that should in itself ring alarm bells, since most videos 
currently use players embedded in a web page or in the operating system 
itself.

The "media player" download is in fact the Edunet backdoor, which 
creates a botnet used to attempt to send spam via a list of mail 
servers, BitDefender said.

One of the curiosities of Edunet is that these mail servers are mostly 
in the .edu and .mil domains. On these servers the botnet looks for open 
relays - a type of misconfiguration often used by spammers to disguise 
the real origins of the junk mail.

"It would be interesting to identify what, if anything, the institutions 
that own the targeted servers have in common," BitDefender's Dudea 
stated.

So far, the scheme doesn't seem to have been very effective, since none 
of the targeted servers actually host open relays, BitDefender said.

While the list of targets has remained fixed, the botnet takes its 
commands from a list of servers that is constantly changing, making it 
difficult to pin down where the commands are coming from, the company 
said.


--1457021584-1559892655-1209973484=:4128
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________      
Attend Black Hat USA, August 2-7 in Las Vegas, 
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings 
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.  
Visit product displays by 30 top sponsors in 
a relaxed setting. http://www.blackhat.com 
--1457021584-1559892655-1209973484=:4128--

Site design & layout copyright © 1986-2014 CodeGods