The Mega-D botnet was disabled last week by a team of white hat hackers. It may have had up to a quarter million infected machines under its control before it was disrupted. The botnet was estimated to be responsible for a third of the world’s spam output. It was knocked out of commission last week by employees of security firm FireEye.
How they did it
Dan Goodin reported: “After unplugging the Mega-D master control channels, the researchers set up a benign ’sinkhole’ channel for the bots to report to and waited to see what would happen.
Over five days, 487,340 unique IP addresses reported to the ad-hoc server. Using findings derived from last year’s take-down of the separate Srizbi botnet, FireEye estimates that the figure translates to 248,590 unique machines. Unlike Mega-D, Srizbi included an accounting mechanism that identified each infected machine. They then analyzed the number of IP addresses and noted that after five days, it was about double the number of individual Srizbi victims.”
Size hard to judge
FireEye’s Todd Rosenberry said “Any botnet size estimate should be taken with a grain of salt as they are notoriously hard to calculate and there is a lot of conflicting data out there.”
Effects felt worldwide
The researchers estimated that Brazil was the most infected country (11.5 percent of the victims), followed closely by India and Viet Nam. 214 countries were represented.
Still under watchful eye
Mega-D is still being monitored. There are plans to turn over maintenance of the sinkhole server to Shadowserver. These volunteers have established infrastructure and relationships with ISPs and Computer Emergency Response Teams, or CERTS, globally.
About Mailprotector
Mailprotector’s services are ideal for protecting your Exchange server, or any mail server, against spammers’ attempts to flood your inbox with their junk: spam, viruses, trojans, phishing attacks and other email-borne malware and threats.
According to a recent GAO report NASA suffered hundreds of security incidents in 2007 and 2008, including malware infections, data breaches, stolen laptops and bot nets. NASA was affected by more malware than any other federal agency and reported 1,120 security incidents during this two year span. Some of the laptops that were stolen contained unencrypted data for the prototype hypersonic jet (the X-51 scramjet) and test plans related to a space telescope and lunar orbiter. 82 agency computers became part of a Ukraine-based bot net after they were infected with rootkits.
Situation is improved, but gaps in security remain
The US Computer Emergency Readiness Team urged the space agency to implement more effective patching and to better train employees regarding cyber security. Despite the warning, NASA still found a number of machines infected with the Coreflood Trojan. It can steal user credentials and then communicate with a hostile command and control server. NASA has taken steps to address incident response and improve cyber security practices. The GAO still cites gaps. “NASA remains vulnerable to similar incidents going forward,” the report finds. “Control vulnerabilities and program shortfalls make it possible for intruders, as well as government and contractor employees, to bypass or disable computer access controls and undertake a wide variety of inappropriate or malicious acts.”
Security should continue to tighten
The GAO made numerous recommendations. NASA deputy administrator Lori Garver agreed with them. “Deficiencies with IT security are often a result of systemic issues in the management of IT,” she said. “To this end, NASA continues to implement improvements in IT management, adhering to [a] previously developed strategy for providing an integrated, secure, and efficient IT environment that supports the NASA mission.”
User awareness key to any effective cyber security program
People need to understand the risks of opening spam attachments or visiting links embedded in spam. Mailprotector’s services help to mitigate these types of events. Our email security services protect users from Trojans, viruses, phishing, and other email-borne malware. Mailprotector is easy – you don’t need to be a rocket scientist to use it.
Happy National Cyber Security Awareness Month!
The “balloon boy” story is a testament to keeping your guard up against hoaxes that some are willing to perpetrate to get past your defenses.
Media frenzy
Reports indicated that 6-year-old Falcon Heene had climbed into a box attached to a home-made high altitude balloon. Media outlets piled onto the story – CNN, FOX, DRUDGE Report and others all had headlines indicating the balloon was adrift but the box was no longer intact. America anxiously awaited word on the fate of the small child.
Emergency services scrambled
The balloon floated for approximately 50 miles. Emergency responders rushed to the scene as the balloon touched down to search for the young boy. Once they did not find him they activated other teams to expand the search. All this effort was for naught because the child was safely on the ground the entire time.
The joke’s on us
As this story continued to unfold it became apparent that it was a hoax. As details have emerged it has been learned that the parents concocted this scheme for self-promotional purposes. Law enforcement officials are still investigating the case. Sheriff Jim Alderden of Larimer County along with other authorities have indicated that charges may be forthcoming against the parents, Richard and Mayumi Heene:
“Charges have not been filed, but authorities expect to recommend felony charges including conspiracy, contributing to the delinquency of a minor and attempting to influence a public servant, Alderden said. They also plan to recommend a charge of filing a false police report, which is a misdemeanor.”
Sheriff Alderden said it is unlikely that someone convicted of these charges would face jail time.
Their plan was pretty much a success
Based on the Sheriff’s comments it appears that the Heenes have accomplished their goal of heavily promoting themselves for another reality show without actually getting into a bunch of trouble. They previously appeared on ABC’s “Wife Swap” and had approached other outlets in the past few months about doing another reality show. Based on all the media reports it’s apparent these folks crave the spotlight and were willing to perpetrate this hoax to create the buzz for a new “reality show.”
News such as this can create an “in” for cyber villains
Spammers and cyber-thieves have a way of using these types of news events to push spam out to unsuspecting recipients. Be wary of phishing emails with headline-grabbing subjects. Many times they contain links that will direct you to a malicious site that will infect your computer with a botnet virus, password-stealing Trojan, key logger Trojan, or other malware. Don’t fall for these tricks.
Don’t be fooled again
The Heenes may have been able to pull off their hoax with seemingly little consequence. However, you’ll find that if you fall for the spammers’ bait then the consequences may be quite harmful. Continue to educate your users about the perils of opening spam and implement Mailprotector’s award-winning email security to protect against cyber hoaxes.
There have been a slew of cyber-security related news events as of late. Robert Mueller, the FBI director, told an audience that he was nearly hooked in a phishing scam. Google’s Wave created a spike of spear-phishing attempts. Botnets continue to plague the web, and spam was not eradicated by 2006 as Bill Gates had predicted in 2004.
Well, here’s another item you need a heads-up about – GIANT SNAKES!
The giant snakes aren’t on the Internet. They’re in Florida, Texas and the southern US. There have been numerous reports about large non-native snake species being let loose in the wild by their previous owners. I’ve never understood why someone would want a python, anaconda, boa constrictor or other large snake as a pet. They won’t chase a ball, they won’t fetch the paper and slippers, and I sure don’t want to find one snuggled up to me on the couch or in the bed. I like snakes but only if I’m bigger and not seen as a meal by them. Snakes have always been fascinating to me. My kids have even been able to handle large constrictors at our local science center. Of course, the handlers are always on hand supervising. These large constrictors can grow up to 20 feet long and weigh over 200 lbs. Could you imagine encountering one of these beasts in the wild? You better be a track star or packing heat if you want to tell that story to your buddies.
We’ll handle your email, you handle the snakes
Mailprotector can’t really help you with large, hungry constrictors you may meet in the wild. We’ll be glad to keep you safe with our award-winning email security. We’ll put the squeeze on cyber-crooks so they don’t put the squeeze on you. You’re on your own with the snakes, though.
Happy National Cyber Security Awareness Month!
In a recent study researchers found that small botnets are causing big problems for enterprise networks.
Most botnets are doing more with less
The study tracked more than 600 botnets over a 3 month period. Most of the botnets studied, 57%, consisted of 100 or fewer nodes. 21% of the botnets had 101 – 500 nodes. 17% of the botnets had between 500 – 10,000 nodes. Only 5% of the botnets had more than 10,000 nodes. Whenever we think of botnets we usually envision thousands of slave PCs being used for nefarious purposes. These smaller botnets are more specific in their targets and are not causing large network disruptions. They are harder to detect as a result. This study sheds new light on the botnet issue.
“Do-it-yourself” botnet kits are readily available
Many of these smaller botnets use tools from DIY kits that can be purchased or downloaded for free from various malware distribution sites. The ability to build tools to lurk on networks provides the hacker with a tailored application to specifically target the items and information they want to access. Many of the tools that are being used to craft these specific applications even have backdoors that were created by the original developer. So now you have the hacker that created the custom application gathering information about the network, as well as the creator of the original tools used to develop this custom application, all collecting information about the enterprise network. Dangerous and scary!
Stop the botnets from attacking
Mailprotector’s services help to protect your email systems from botnets. We keep rogues from sending unwanted spam and malware to your users. We also protect your email systems from sending spam or malware from within, whether by users or rogue accounts. We’ll even provide you with a free 30 day trial so you can experience botnet-free messaging. Check out our services online or feel free to contact us to learn more.
You can read more details about this study at http://www.eweek.com/c/a/Security/Small-Botnets-Causing-Big-Security-Problems-for-Enterprises-275556/
by David Setzer on June 8, 2009
Here is a great article I picked up from one of our Twitter followers. It does an excellent job of explaining the two different cultures and types of blackhats responsible for the spam, malware and other cyber-threats today. Having been in the email security business for almost 10 years now we see the effects of these types of thugs and can deduce much of their makeup but this article really nails it.
It’s interesting how human nature never really changes. This is nothing more than the 2000s version of the pickpockets and organized crime of 1930s Chicago or New York.