[ExI] Botnets Are Making Smarter Zombie PCs

BillK pharos at gmail.com
Thu Jan 15 19:53:21 UTC 2009


<http://nextbigfuture.com/2009/01/setback-in-war-on-spam-botnets-are.html>

Zombie PCs are getting smarter and harder to track down, according to
security software vendor Commtouch. This is an early hint of a world
with more advanced artificial intelligence (AI). The AI could be used
for good or bad and could themselves be good or bad.
New zombies now routinely request new IP addresses from their ISPs, so
anti-spam software that works by blocking spam based on the originating
IP addresses can no longer effectively halt them, the company said in
its most recent quarterly Internet Threats Trend Report.
-------------------------

Also see:
<http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=212900543>

It's official: Storm is back. The notorious botnet that ballooned
into one of the biggest botnets ever and then basically disappeared
for months last year is rebuilding -- with all-new malware and a more
sustainable architecture less likely to be infiltrated and shut down.

Steven Adair, a researcher with Shadowserver, says the HTTP method
being used now by Storm also helps mask which machines are bots and
which are command and control servers. "It makes it harder to figure
out which systems are actually just victim systems and which are
actually mothership systems that are used for the real command and
control," he says.

Another improvement with Storm is its encryption: Stewart says the
botnet is now using strong encryption rather than the weak 64-bit RSA
encryption it used before, which researchers were able to crack. "Now
they are using AES encryption for the initial exchange, and then using
RSA 1024 for the rest of traffic," Stewart says. Storm is still using
the increasingly popular and stealthy fast-flux architecture to help
keep it up and running.
------------------

And
<http://www.heise-online.co.uk/security/Report-2-5-million-PCs-infected-with-Conficker-worm--/news/112416>

According to F-Secure, there are already almost 2.5 million PCs
infected with the Conficker worm, also known as Downadup. Since the
worm has the ability to download new versions of itself, it is
expected that the infection could spread much further. The new code is
downloaded from domain names generated with a complex algorithm,
making it hard to predict what domains will be used to spread the
worm's updates.
------------



AI is advancing in an unexpected direction and it's probably in your PC already.

Better get your tin-foil helmet on, Damien!

BillK


