Friday, October 9, 2009

Researchers Hijack a Drive-By Botnet

6,500 websites hosted malicious code that redirected nearly 340,000 visitors to malicious sites.

A recent University of California at Santa Barbara (UCSB) study examined the damaging effects of the Mebroot botnet. Mebroot compromises legitimate websites and redirects their visitors to a domain that tries to infect their computers with malware. Once infected, the computers can be controlled by Mebroot programmers.

The Mebroot botnet is difficult to track because its programmers change the domain name daily using three JavaScript algorithms similar to one used by the computer worm Conficker. Two of the algorithms use the day's date as a variable, but the third uses characters from the day's most popular keyword search on Twitter. That value is difficult for antivirus programmers to predict in advance, making it harder to protect computers from infection.
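The defender's side of this, as an added example that is not from the UCSB study or this post: a date-seeded name can be computed and blocked days ahead, while a name that also depends on an unpredictable term cannot. The generator `toy_domain` is a hash-based stand-in, not Mebroot's algorithm, and the log format, IP addresses and the `.example` names are constructed.

```python
import hashlib
from datetime import date, timedelta

TLD = ".example"  # reserved TLD, so no generated name can resolve to a real site

def toy_domain(day, extra=""):
    """Stand-in generator (NOT Mebroot's algorithm): hash the date, plus an
    optional extra seed such as a trending search term, into a 12-letter label."""
    digest = hashlib.sha256(f"{day.isoformat()}|{extra}".encode()).hexdigest()
    return "".join(chr(ord("a") + int(c, 16)) for c in digest[:12]) + TLD

def blocklist(start, days):
    """Date-only names can be computed ahead of time: map each name to its day."""
    return {toy_domain(start + timedelta(days=n)): start + timedelta(days=n)
            for n in range(days)}

def flag_queries(log_lines, blocked):
    """Return (client, name) for each 'timestamp client qname' line whose
    queried name is on the precomputed blocklist."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) != 3:
            continue  # skip malformed lines instead of failing the whole run
        _, client, qname = fields
        name = qname.rstrip(".").lower()  # DNS names are case-insensitive
        if name in blocked:
            hits.append((client, name))
    return hits

def sample_log(start):
    """Constructed DNS query log: one benign name, one date-seeded name,
    one name seeded with a made-up trending term."""
    dated = toy_domain(start + timedelta(days=2))
    trended = toy_domain(start + timedelta(days=2), "constructedtrend")
    return [
        "2009-10-11T09:14:02Z 10.0.0.5 intranet.example.",
        f"2009-10-11T09:14:07Z 10.0.0.7 {dated.upper()}.",
        f"2009-10-11T09:15:30Z 10.0.0.9 {trended}.",
    ]

if __name__ == "__main__":
    start = date(2009, 10, 9)
    blocked = blocklist(start, 7)
    for client, name in flag_queries(sample_log(start), blocked):
        print(client, name, "scheduled for", blocked[name])
```

The trend-seeded query passes the precomputed list untouched, so that name can only be added once the day's term is known.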

"It is definitely one of the most advanced and professional botnets out there," says F-Secure's Kimmo Kasslin. UCSB researchers tried to use the algorithms against the Mebroot programmers, predicting upcoming domain names and booking them ahead of time, but the attackers responded by reserving the names more quickly. The researchers found that almost 70 percent of visitors to dangerous Mebroot domains were exposed to about 40 different methods of infection.

About 35 percent were exposed to the six vulnerabilities that Mebroot uses. I strongly recommend that all computer users update their antivirus software more frequently to avoid infection.

Refer here to read more details about the research.

