Researchers Say Kelihos Gang Is Building New Botnet
alphadogg writes "The cyber-criminal gang that operated the recently disabled Kelihos botnet has already begun building a new botnet with the help of a Facebook worm, according to security researchers from Seculert. Security experts from Kaspersky Lab, CrowdStrike, Dell SecureWorks and the Honeynet Project announced that they took control of the 110,000 PC-strong Kelihos botnet on Wednesday using a method called sinkholing. That worm has compromised over 70,000 Facebook accounts so far and is currently distributing a new version of the Kelihos Trojan."
Comment removed (Score:5, Insightful)
Two deadly vectors of infection... (Score:4, Insightful)
Another reason I'm glad I don't use Facebook or Windows.
Re:Two deadly vectors of infection... (Score:4, Insightful)
As a previous poster pointed out, trojans care not if it's Windows, Linux, Mac OSX or BSD because the user is the weak link, not the OS. All you need is 1) a trojan for that OS and 2) a user that gives the trojan permissions - most infections I've come across on Windows lately do not have administrator permissions unless the user does. Likewise, Facebook isn't so much the weak link as users are because they'll click on anything.
Re:How many of those were linux pc's again? None (Score:2, Insightful)
Linux isn't some magic bullet that is immune to trojans
repeat after me, Linux is the kernel, Linux is the kernel, Linux is the kernel, Linux is the kernel, Linux is the kernel, Linux is the kernel, Linux is the kernel, Linux is the kernel, Linux is the kernel
as long as whatever happens to be the payload can access user's files and see what the user does and can make network connections that's all it needs
How do you pretend to deliver that payload exactly? Heck, every Linux distribution out there is totally different from the others, they have different ABIs (elibc, glibc, uclibc), different kernel versions which are also patched differently. They run different window managers and different desktop environments. People running Linux are also more educated.
So yeah, I have yet to see a malicious ELF executable being distributed on Facebook - LOL!
Re:How many of those were linux pc's again? None (Score:5, Insightful)
How do you pretend to deliver that payload exactly? Heck, every Linux distribution out there is totally different from the others, they have different ABIs (elibc, glibc, uclibc), different kernel versions which are also patched differently. They run different window managers and different desktop environments. People running Linux are also more educated.
And nearly all will run bash, python and perl scripts. A malicious payload doesn't have to be a compiled binary.