Researchers Compromise ‘Mebroot’ Botnet to Analyze Drive-by Download Attacks
Written by Administrator   
Thursday, 22 October 2009 11:00

Security researchers at the University of California, Santa Barbara, compromised the Mebroot botnet and kept it under their control for nearly 30 days to analyze drive-by download attacks. These attacks hijack legitimate websites to secretly plant malware on visitors' computers or divert them to unintended websites.


During the experiment, the researchers were able to intercept Mebroot communications after successfully reverse-engineering the algorithm the botnet uses to choose which domains to contact. They then tracked down over 6,500 websites where malicious code had been concealed. The study further suggested that 340,000 Internet users had actually contracted an infection from this malicious code.

In an unpublished paper, researchers at UCSB give details of an analysis conducted over four months. They established a link between their servers and the Mebroot botnet, an army of compromised PCs. Through this link, it became evident that while websites serving illegal and pornographic downloads proved most successful in diverting visitors to a malware download site, the hijacked sites making the referrals were business sites.

Giovanni Vigna, a UCSB computer science professor and co-author of the unpublished study paper, states that there was a time when anyone not browsing pornographic content was safe, but that is no longer true now, as reported by Technology Review on October 2, 2009.

According to the researchers, the Mebroot botnet, which was first discovered in late 2007, uses compromised websites to divert users to centrally controlled servers, which download malware and infect those users' PCs. The malware, which infects the MBR (Master Boot Record) of Windows computers, shows evidence of skilled programming, such as rapid debugging, the researchers explained.

Employing various techniques, the Mebroot criminals plant malicious JavaScript on legitimate Web servers to infect targeted computers. The script diverts visitors to another Internet domain, which is replaced daily with a new one, where their computers are compromised, allowing the bot-masters to control them remotely.

Kimmo Kasslin, Director of security response for F-Secure, an antivirus company, commented that Mebroot was surely an extremely professional and sophisticated botnet, as reported by Technology Review on October 2, 2009.

