AOH :: ISNQ5750.HTM

Botnet Operators Infecting Servers, Not Just PCs




Botnet Operators Infecting Servers, Not Just PCs
Botnet Operators Infecting Servers, Not Just PCs



http://www.darkreading.com/vulnerability_management/security/app-security/showArticle.jhtml?articleID=222002433 

By Kelly Jackson Higgins
DarkReading
Dec 16, 2009

Botnet operators have always been able to easily infect and convert PCs 
into bots, but they also are increasingly going after servers -- even 
building networks of compromised servers.

Web servers, FTP servers, and even SSL servers are becoming prime 
targets for botnet operators, not as command and control servers or as 
pure zombies, but more as a place to host their malicious code and 
files, or in some cases to execute high-powered spam runs.

"FTP servers are a hot commodity in the underground. They are regularly 
used by drive-by download malware as well as a downloading component for 
regular bots," says Mikko Hypponen, chief research officer at F-Secure. 
"Another thing we've noticed is the use of SSL servers. Sites with a 
valid SSL certificate get hacked and are used by drive-by-downloads."

Why SSL servers? "If a drive-by download gets the malware file through 
an HTTPS connection, proxy and gateway scanners won't be able to scan 
for the malware in transit, making it easier to sneak in," Hypponen 
explains.

[...]


________________________________________ 
Did a friend send you this? From now on, be the 
first to find out! Subscribe to InfoSec News 
http://www.infosecnews.org 

Site design & layout copyright © 1986-2014 CodeGods