CA Warns Of Massive Botnet Attack 357
m4dm4n wrote to mention a story running on The Register which describes a coordinated malware attack designed to establish a massive botnet. From the article: "The attack involves three different Trojans - Glieder, Fantibag and Mitglieder - in a co-ordinated assault designed to establish a huge botnet under the control of hackers. Computer Associates reckons that access to the compromised PCs is for sale on a black market, at prices as low as five cents per PC."
I don't get it (Score:1, Informative)
Re:This is interesting... (Score:5, Informative)
It does ship *secure* out of the box. No remote exploits.
Don't open any ports until you get the hang of it.
Either way, it won't be *more* dangerous than Windows
Re:Wrong career (Score:3, Informative)
Mitglieder = Members
Re:How does the money change hands? (Score:5, Informative)
Caymans are where it's at.
Rent botnets here! $0.05/machine (Score:5, Informative)
SpamForum [spamforum.biz]
SpecialHam [specialham.com]
And the new WildBiz [wldbiz.com].
WildBiz does not require registration; the other two do. Just enter the forums and look under "Proxy Lists". Typical ads:
First of all Hi to all of my seniorshooters here..
Having good collection of fresh Proxies and got DM ["Dark Mailer"
DM Latest version (Full) for $49
Fresh Proxies $50 for 500 proxies
dmandproxies@iamdns.com [mailto]
61.246.226.69:3128@TUNNEL$GOOD$20297$Australia
81.33.4.70:3128@TUNNEL$GOOD$2953$Spain
61.246.226.69:3128@TUNNEL$GOOD$20297$Australia
218.208.247.81:3128@TUNNEL$GOOD$15219$Malaysia
219.144.194.74:1080@SOCKS4$GOOD$1125$China
66.154.54.215:80@TUNNEL$GOOD$4157$United States
66.154.54.224:80@TUNNEL$GOOD$1266$United States
We provide Hourly Updated Fresh Proxy Lists, which can be used for bulk mailing
That's how you market a botnet.
Yes, these operations are addressed to wannabe spammers. But the fact that they're advertised openly indicates how weak enforcement is.