
November 19th, 2008

Hosting firm takedown bags 500,000 bots

The shutdown last week of a U.S.-based Web hosting company crippled more than 500,000 bots, or compromised computers, which are no longer able to receive commands from criminals, a security researcher said today.

Although the infected PCs are still operational, the previously-planted malware that tells them what to do can't receive instructions because of the shutdown last week of McColo Corp.

"Half a million bots are either offline or not communicating" with their command-and-control servers, estimated Joe Stewart, director of malware research at SecureWorks Inc.

McColo was disconnected from the Internet by its upstream service providers at the urging of researchers who believed the company's servers hosted a staggering amount of cybercriminal activity, including the command-and-control servers of some of the planet's biggest botnets. Those collections of infected PCs were responsible for as much as 75% of the spam sent worldwide. When McColo went dark, spam volumes dropped by more than 40% in a matter of hours.

The McColo takedown resulted in a record number of bots being severed from their hacker controllers by any single event, Stewart said. He compared it to last September, when Microsoft Corp.'s anti-malware utility, the Malicious Software Removal Tool (MSRT), purged nearly 300,000 infected PCs of the infamous Storm Trojan horse.

"That had a good impact, but it didn't stop the flow of spam globally," Stewart said of the MSRT takedown. "It didn't make a difference to other botnets that were still spamming away."

Knocking McColo offline, on the other hand, disrupted at least two major botnets -- "Rustock" and "Srizbi" -- and caused spam to plummet around the globe, said Stewart.

Stewart, a leading authority on botnets, estimated the strength of the top 11 botnets last April. Srizbi, at 315,000 bots, was No. 1 in his census, while Rustock, at 150,000, was in the No. 3 spot.

Rustock's handlers may never recover control of their bots, said Stewart. "It does look like they're lost to them," he said, noting that those bots lack a fail-safe for reconnecting with a command-and-control server if it goes dark, as happened when McColo's plug was pulled.

But while Rustock's bots may be orphaned, there's a chance Srizbi's bots can be brought back under control. "When Srizbi bots can't connect, as a backup, they're coded to try other domain names," to search for new command-and-control servers, said Stewart. Those domains, however, were recently registered, perhaps pre-emptively by a security researcher who had rooted through the Srizbi code.

"They're not receiving new instructions," Stewart said. That would indicate that a third party -- someone who didn't have the Srizbi source code, and thus a way to figure out the protocols for sending new orders to the disconnected bots -- may have snatched up the domain names.

It may be the case, though, that Srizbi's creators thought of that, and that any fallback domain names are not hard-coded into the bot but are generated using an algorithm of some sort. "If Srizbi is programming intelligently enough so it not only says, 'I'm going to try some new domain names,' but also 'If that new server is not sending valid data, then generate another domain name,' maybe they can be recovered," Stewart speculated.
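
Added example, not part of the original article: a host that has lost its command-and-control server and is working through fallback domain names shows up in resolver logs as one client looking up many unfamiliar names in a short time. The sketch below flags that pattern for defenders; the log format, the sample lines, the baseline set and the threshold are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed resolver log: time, client, queried name, response code (not real data).
SAMPLE_LOG = """\
2008-11-19T10:00:00 10.0.0.5 mail.example.com NOERROR
2008-11-19T10:00:05 10.0.0.7 c2.hosting.example SERVFAIL
2008-11-19T10:00:20 10.0.0.7 wqpeyrtu.example NXDOMAIN
2008-11-19T10:00:40 10.0.0.7 ypqowiet.example NOERROR
2008-11-19T10:01:00 10.0.0.7 rtyqpwoe.example NXDOMAIN
2008-11-19T10:01:20 10.0.0.7 oeiwptqy.example NXDOMAIN
2008-11-19T10:02:00 10.0.0.5 www.example.org NOERROR
2008-11-19T10:30:00 10.0.0.5 typo-domain.example NXDOMAIN
"""
# Assumed baseline: names this hypothetical network resolves routinely.
BASELINE = {"mail.example.com", "www.example.org"}


def fallback_suspects(log_text, baseline, window=timedelta(minutes=5), threshold=4):
    """Map each client that looked up >= threshold distinct non-baseline names
    inside one sliding window to the sorted list of those names."""
    recent = defaultdict(deque)      # client -> (time, name) of recent new lookups
    suspects = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, client, name, _rcode = line.split()
        when = datetime.fromisoformat(stamp)
        name = name.lower().rstrip(".")
        if name in baseline:
            continue                 # routine traffic, ignore
        seen = recent[client]
        seen.append((when, name))
        while when - seen[0][0] > window:
            seen.popleft()           # drop lookups that fell out of the window
        distinct = {n for _, n in seen}
        if len(distinct) >= threshold:
            suspects[client] |= distinct
    return {client: sorted(names) for client, names in suspects.items()}


if __name__ == "__main__":
    for client, names in fallback_suspects(SAMPLE_LOG, BASELINE).items():
        print(client, "tried", len(names), "unfamiliar names:", ", ".join(names))
```

The response code is deliberately ignored: as the article notes, a fallback name may already be registered by someone else and still resolve, so the signal is the burst of unfamiliar names rather than failed lookups alone.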

Also helping Srizbi in the wake of the takedown, Stewart added, is that it used a more compartmentalized structure. The malware is essentially a collection of smaller botnets that at some levels are shared, so not all of its command-and-control servers were hosted by McColo.

And not all botnets have been affected equally, Stewart said. "Bobax and Cutwail, they're still spamming," he said. In Stewart's April estimate, Bobax was No. 2 out of the 11 botnets, accounting for approximately 185,000 PCs, while Cutwail was No. 4, with 125,000 bots.

Worse, even if the Rustock and Srizbi bots have been permanently cut off from their criminal overlords, it doesn't mean the end of those botnets. It's all too easy for criminals to buy compromised computers from others, or simply seed their malware in a major campaign to infect new systems.

"I'm sure they'll be back," said Stewart.


Source: ComputerWorld



