By Dan Goodin in San Francisco
12th September 2009

A security researcher has discovered a cluster of infected Linux servers
that have been corralled into a special ops botnet of sorts and used to
distribute malware to unwitting people browsing the web.

Each of the infected machines examined so far is a dedicated or virtual
dedicated server running a legitimate website, Denis Sinegubko, an
independent researcher based in Magnitogorsk, Russia, told The Register.
But in addition to running an Apache webserver to dish up benign
content, they've also been hacked to run a second webserver known as
nginx, which serves malware.

"What we see here is a long awaited botnet of zombie web servers! A
group of interconnected infected web servers with [a] common control
center involved in malware distribution," Sinegubko wrote. "To make
things more complex, this botnet of web servers is connected with the
botnet of infected home computer(s)."

The finding highlights the continuing evolution of bot herders as they
look for new ways to issue commands to the hundreds of thousands of
infected zombies under their control. It came the same day anti-virus
provider Symantec reported Google Groups was being used as a master
control channel for a recently discovered trojan. Four weeks ago, a
researcher from Arbor Networks made a similar discovery when he found
several Twitter profiles being used to run a botnet.