06:10 PM
Week's Windows Attack Turns PCs Into Spam Zombies

The latest bot to pester Windows users seems to have been trolling for machines to add to a spam-spewing network of zombies.

The bot that began infecting Windows PCs last weekend using a bug disclosed by Microsoft the previous week was after machines to add to a spam-spewing network of so-called "zombies," a security research firm said.

In a research report posted to its Web site, Chicago-based LURHQ concluded that the most recent version of Mocbot -- also called Wargbot and Graweg -- that exploited the vulnerability patched in the Aug. 8 MS06-040 security bulletin was "not especially unique."

By using a "sandnet" -- a tool that creates a virtual Internet through which malware can romp without endangering real systems -- LURHQ was able to spy on the command-and-control instructions issued to Mocbot by its controller, or bot herder.

"The bot herder cannot tell the difference between us and one of the bots," LURHQ reported in its write-up. "[But] active probing of the bot by the bot herder using built-in commands could give away our presence." Instead, LURHQ's researchers were able to monitor traffic between the bot and its herder, decrypt it, and read it in near-real-time.

Among the first commands that Mocbot receives is to download another piece of malicious code, a spam proxy Trojan horse dubbed Ranky. (Other security vendors, notably Symantec, also uncovered the Mocbot-Ranky connection this week.)
