• 08/18/2006
    6:10 PM
  • Network Computing
  • News

Week's Windows Attack Turns PCs Into Spam Zombies

The latest bot to pester Windows users seems to have been trolling for machines to add to a spam-spewing network of zombies.
The bot that began infecting Windows PCs last weekend using a bug disclosed by Microsoft the previous week was after machines to add to a spam-spewing network of so-called "zombies," a security research firm said.

In a research report posted to its Web site, Chicago-based LURHQ concluded that the most recent version of Mocbot -- also called Wargbot and Graweg -- that exploited the vulnerability patched in the Aug. 8 MS06-040 security bulletin was "not especially unique."

By using a "sandnet" -- a tool that creates a virtual Internet through which malware can romp without endangering real systems -- LURHQ was able to spy on the command and control instructions issued to Mocbot by its controller, or bot herder.

"The bot herder cannot tell the difference between us and one of the bots," LURHQ reported in its write-up. "[But] active probing of the bot by the bot herder using built-in commands could give away our presence." Instead, LURHQ's researchers were able to monitor traffic between the bot and its herder, decrypt it, and read it in near-real-time.

Among the first commands that Mocbot receives is to download another piece of malicious code, a spam proxy Trojan horse dubbed Ranky. (Other security vendors, notably Symantec, also uncovered the Mocbot-Ranky connection this week.)
