MESSAGE
Date: 2004-09-13
From: "Inker, Evan"
Subject: [hangout] Malware Writers Using Open-Source Tactics
Malware Writers Using Open-Source Tactics
http://www.linuxinsider.com/story/36476.html
By John P. Mello Jr., LinuxInsider, 09/09/04 7:42 AM PT
The techniques used to develop open-source software like Linux have proven to be so effective that they've been adopted by malware writers to improve their mischievous ways.
"There's a community of worm builders creating, almost in an open-source fashion, Trojan source code that can be downloaded, compiled and released into the wild," said Scott Chasin, CTO of e-mail defense solutions company MX Logic in Denver, Colorado.
"A lot of these Trojans and their variants borrow from the open-source industry and are built off a community effort in an underground environment," he told LinuxInsider.
Zombie Networks
Among the devilish deeds that can be perpetrated by Trojans is the creation of "zombie networks" -- networks typically composed of home computers surreptitiously controlled by a badware's author.
Those networks are currently a prime delivery vehicle for spammers, according to Chasin. "We estimate that spam zombie networks are responsible for from anywhere to 25 to 30 percent of the spam on the Internet today, and it's growing," he maintained.
Some analysts peg the contribution of zombie networks to the spread of spam even higher. A report released in June by Sandvine, a broadband security firm in Waterloo, Ontario, Canada, estimated that as much as 80 percent of all unsolicited marketing e-mail emanates from residential ISP networks and home PCs.
Rich Target
"The collaboration between spammers and worm authors and a rich target environment of insecure PCs with broadband connections has created an opportunity for the continued existence of Trojan networks," Chasin observed.
Greater reliance by spammers on the zombies has created a cash market for the networks. USA Today reported a network of 20,000 zombies selling for US$2,000 to $3,000.
"Every person that does this kind of activity pretty much sets their own price," noted Joe Stewart, a senior security researcher at the Myrtle Beach, South Carolina, offices of LURHQ, a managed security services provider.
"It's what an individual author wants for his network," he told LinuxInsider. "It doesn't cost them anything to do what they're doing, so they're talking 100 percent profit no matter what they charge."
Sandvine cofounder and chief architect Don Bowman explained that zombie network creators have had to adapt their systems over time to counter defense measures taken against them.
Comcast Closes Door
A common defense adopted by ISPs is to monitor activity on port 25, the port most commonly used by spammers to bypass an ISP's outbound mail servers and ship their annoying payloads directly to other ISPs' inbound servers.
If an ISP sees an unusual volume of mail emanating from one of its users on port 25, it will turn off that user's access to the port.
The technique can be quite effective. After it began a program in June to shut down port 25 to spammers, Philadelphia-based Comcast (Nasdaq: CMCSK), the nation's largest broadband ISP, reduced unsolicited e-mail originating on its network by 80 percent, spokesperson Jeanne Russo told LinuxInsider.
"Port 25 can be an open door for a spammer," she said. "By blocking port 25, we close that door. That makes a user less attractive to a spammer because they can't get their spam out."
Spammers Adapt
To counter port 25 measures, Bowman explained, zombie operators have tried to create larger networks and send fewer messages per PC.
"The first zombies that we saw would basically go as fast as they could for as long as they could until they were shut down," he said. "Now they use more stealth."
"They also tend to operate in hours when people are less likely to be at their PC," he added. "So in the Eastern time zone, they'll be more likely to be active in the late afternoon than in the evening."
"These spammers are smart," he continued. "They want to keep these PCs infected as long as possible."
Regards,
Evan M. Inker (New York) x. 4615
NYLXS: New Yorker Free Software Users Scene
Fair Use - because it's either fair use or useless....
NYLXS is a trademark of NYLXS, Inc
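The ISP-side defense the article describes (watching each customer's outbound volume on port 25 and cutting off the port when it spikes) and the zombie operators' answer to it (bigger networks, fewer messages per PC) can be shown concretely with a small detection script run over flow records. This is an added example, not code from the article or from Comcast, Sandvine or MX Logic. The flow-log format, the customer and remote addresses (documentation ranges), the ISP relay address and the thresholds are all assumptions made up for illustration, and the distinct-destination ("fan-out") rule at the end is an added refinement that the article itself does not mention.

```python
"""Per-customer outbound port 25 monitoring on an ISP access network.

Added example; not code from the article, Comcast, Sandvine or MX Logic.
The flow-log format, addresses and thresholds below are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: the ISP's own outbound mail relay. Customers sending through it are normal.
ISP_RELAYS = {"198.51.100.10"}
WINDOW_START = datetime(2004, 9, 13, 17, 0, 0)
WINDOW = timedelta(hours=1)


def build_sample_flows():
    """Constructed flow records for one hour: '<ISO timestamp> <customer IP> -> <remote IP>:<port>'."""
    base = WINDOW_START
    lines = []
    # Legitimate customer: four messages, all submitted via the ISP relay.
    for i in range(4):
        lines.append(f"{(base + timedelta(minutes=10 * i)).isoformat()} 10.0.0.5 -> 198.51.100.10:25")
    # Web browsing noise from other customers, not port 25.
    for i in range(6):
        lines.append(f"{(base + timedelta(minutes=7 * i)).isoformat()} 10.0.0.{20 + i} -> 203.0.113.200:80")
    # Loud zombie of the early kind: 120 direct connections to 40 remote MTAs, as fast as it can.
    for i in range(120):
        lines.append(f"{(base + timedelta(seconds=30 * i)).isoformat()} 10.0.0.12 -> 203.0.113.{1 + i % 40}:25")
    # Stealthy zombie: six connections in the hour, each to a different remote MTA.
    for i in range(6):
        lines.append(f"{(base + timedelta(minutes=9 * i + 3)).isoformat()} 10.0.0.33 -> 203.0.113.{100 + i}:25")
    return "\n".join(lines)


def parse_flows(text):
    """Parse the constructed log format into (timestamp, src, dst_ip, dst_port) tuples."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, src, _arrow, dst = line.split()
        dst_ip, dst_port = dst.rsplit(":", 1)
        flows.append((datetime.fromisoformat(ts), src, dst_ip, int(dst_port)))
    return flows


def smtp_stats(flows, window_start, window):
    """Per customer: number of direct port 25 connections and the set of remote MTAs contacted.

    Traffic to the ISP's own relay is ignored; only mail that bypasses it counts.
    """
    counts = defaultdict(int)
    dests = defaultdict(set)
    end = window_start + window
    for ts, src, dst_ip, port in flows:
        if port != 25 or dst_ip in ISP_RELAYS or not (window_start <= ts < end):
            continue
        counts[src] += 1
        dests[src].add(dst_ip)
    return counts, dests


def volume_blocks(counts, max_per_window):
    """The volume rule from the article: block customers sending an unusual number of messages."""
    return {host for host, n in counts.items() if n > max_per_window}


def fanout_blocks(dests, max_distinct_mtas):
    """Added refinement (assumption, not from the article): a home PC that talks directly to many
    different remote mail servers is acting as a mail relay, however slowly it sends."""
    return {host for host, mtas in dests.items() if len(mtas) > max_distinct_mtas}


def run_demo():
    flows = parse_flows(build_sample_flows())
    counts, dests = smtp_stats(flows, WINDOW_START, WINDOW)
    loud = volume_blocks(counts, max_per_window=50)
    chatty = fanout_blocks(dests, max_distinct_mtas=3)
    return loud, chatty


if __name__ == "__main__":
    loud, chatty = run_demo()
    print("volume rule blocks:", sorted(loud))     # only the loud zombie
    print("fan-out rule blocks:", sorted(chatty))  # both zombies
```

With these constructed records the volume rule alone catches only the host that sends as fast as it can; the host that sends six messages in the hour stays under any sensible per-customer threshold, which is exactly the adaptation Bowman describes. It still stands out under the fan-out rule because a home PC relaying through its ISP normally contacts one mail server, not six different remote MTAs. Time of day, as in Bowman's remark about zombies working while people are away from their PCs, would be a further feature to add to the same per-customer statistics.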