Saturday, June 18, 2011

Dark Shell: A DDoS botnet targeting industries


Darkshell, a distributed denial of service (DDoS) botnet, originated in China and is now operated by groups around the world, with its attacks aimed at industrial companies and plants.
The piece of malware behind these botnets, known as Darkshell, is using a slew of command-and-control servers, nearly all of which are located in China, and is fairly run-of-the-mill in terms of its installation and operation. However, the one rather odd part of the Darkshell botnets' behavior is that their owners are using the networks to launch attacks against a large number of manufacturers of relatively obscure machinery used for food processing.
An attacker can use such a botnet to take down the public website and/or a critical web application of an individual company or a group of companies. What is odd here is that several separate Darkshell botnets, built from the same bot, are all being pointed at a large number of targets in one narrow industry sector.
One common pattern of Darkshell behavior is to attack three or four different URLs associated with a particular food processing equipment vendor; these multiple URLs are typically pages displaying specific products. We have also observed instances in which multiple Darkshell botnets engaged in coordinated attacks against a single victim (again, a vendor of industrial food processing equipment).
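The attack pattern above, a few product URLs of one vendor hit by many distinct sources within a short window, is easy to pick out of a web server's access log. The script below is an added example for this post, not code from the original page or from Arbor's Darkshell analysis. It assumes the target is attacked at the HTTP layer and that the server writes Combined Log Format lines; the log lines, product paths and thresholds in it are constructed for illustration.

```python
"""Flag product URLs hit by an HTTP flood from many distinct source IPs.

Added example, not from the original post. Assumes Apache/nginx Combined Log
Format; sample lines below are constructed, thresholds are illustrative.
"""
import re
from collections import defaultdict
from datetime import datetime

# Combined Log Format: ip ident user [ts] "METHOD path HTTP/x" status size "ref" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return a dict with ip, ts (aware datetime), method, path, status, size,
    or None for lines that do not match the expected format."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    return rec


def find_flooded_paths(lines, window_s=60, min_requests=50, min_sources=10):
    """Bucket requests per path per window_s seconds and return
    {path: {"requests": n, "sources": set_of_ips}} for every path whose busiest
    window has at least min_requests hits from at least min_sources distinct IPs.
    Requiring many distinct sources separates a botnet flood from one noisy
    client or crawler hammering the same page."""
    per_bucket = defaultdict(
        lambda: defaultdict(lambda: {"requests": 0, "sources": set()})
    )
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines rather than crash on them
        bucket = int(rec["ts"].timestamp()) // window_s
        stats = per_bucket[bucket][rec["path"]]
        stats["requests"] += 1
        stats["sources"].add(rec["ip"])

    flagged = {}
    for paths in per_bucket.values():
        for path, stats in paths.items():
            if stats["requests"] >= min_requests and len(stats["sources"]) >= min_sources:
                if path not in flagged or stats["requests"] > flagged[path]["requests"]:
                    flagged[path] = stats
    return flagged


def shared_attackers(flagged):
    """Source IPs common to every flagged path: the same bots cycling through
    several product pages of one vendor."""
    if not flagged:
        return set()
    return set.intersection(*(s["sources"] for s in flagged.values()))


def sample_log():
    """Constructed sample: three product pages each hit 60 times inside one
    minute by 30 distinct sources, plus a trickle of ordinary traffic."""
    targets = ["/products/slicer-200", "/products/grinder-x", "/products/mixer-10"]
    lines = []
    for path in targets:
        for i in range(60):
            ip = f"10.0.{i % 30}.5"  # 30 distinct bots, each requesting twice
            ts = f"18/Jun/2011:10:15:{i:02d} +0000"
            lines.append(f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 5120 "-" "Mozilla/4.0"')
    for i in range(5):
        ts = f"18/Jun/2011:10:15:{i * 10:02d} +0000"
        lines.append(f'192.0.2.{i + 1} - - [{ts}] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"')
    lines.append("not a log line")
    return lines


if __name__ == "__main__":
    hits = find_flooded_paths(sample_log())
    for path, stats in sorted(hits.items()):
        print(f"{path}: {stats['requests']} requests from {len(stats['sources'])} sources")
    print(f"bots common to all flagged paths: {len(shared_attackers(hits))}")
```

On a real log the thresholds should be set from the site's own baseline rather than the constants used here, and the source overlap between flagged paths is what distinguishes one botnet walking a vendor's product pages from unrelated traffic spikes.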
For more specific details on the malware, its communication protocols, attack traffic and control servers, visit arbornetworks.com.

Another Banking Malware: The ZeuS/SpyEye Hybrid


The rumored combination of two pieces of advanced online banking malware appears to be fully underway after several months of speculation. Since Brian Krebs broke the news about the merger between ZeuS and SpyEye, many security vendors have argued over whether the information is true or just a rumor.
Some of the vendors claimed to have uncovered "hard evidence" in the form of cyber criminals posting on underground forums about the merger. Those posts were later found to be fake.
A week ago, Trend Micro Labs described what seemed to be the real SpyEye administration panel of the merged malware kit. Recent findings by Seculert Research Labs suggest that this may be just the tip of the iceberg: Seculert's researchers found that this piece of "Hydra" malware has a fresh new ZeuS head.
To read more on this topic:
http://blog.seculert.com/2011/01/fresh-new-hydra-head.html
http://krebsonsecurity.com/2010/10/spyeye-v-zeus-rivalry-ends-in-quiet-merger/
http://krebsonsecurity.com/2010/04/spyeye-vs-zeus-rivalry/
http://krebsonsecurity.com/2010/09/spyeye-botnets-bogus-billing-feature/