Building the "Mother of all Bot Networks"?

Melior, Inc. Spam and Worm Monitors report today drastically increased daily counts of hostile executable attachments (trojans, worms, viruses) to Spam (UCE) messages. This report indicates the highest level of intrusion attempts by way of Spam observed so far, up 40 times from a consistent average since November 21st, to peak levels within the last two days, on Saturday December 5th and Sunday, December 6th, in Europe and Asia. Compromise in the US is expected to rise further with the beginning of the business day on Monday in the United States.

Dallas, TX December 6, 2004 -- Delivered by Spam and by auto-replication through Penetration Testing (PenTest), trojans, worms, and viruses are the initial step to compromise large numbers of desktops in corporate and government networks, as well as home computers on broadband connections. Once compromised, these PC systems are operated as "bot networks", and used to deliver Spam (unsolicited commercial e-mails - UCE), along with more compromise tools, and to launch distributed Denial-of-Service (dDoS) attacks.

In turn, Denial-of-Service attacks are then used by organized crime groups and potentially terrorist cells for extortion attempts and other agendas; the "bot" networks play a powerful tool as an effective weapon in these attack events.

The number of average daily compromises of PC systems to be included in such "bot" networks was recently reported to have increased from 2,000 to 30,000 a day (in studies by Verisign and Symantec). A "bot" network of 100,000 systems was recently shut down by law enforcement agencies.

Due to the nature of our business, to develop effective tools to defend against dDoS attacks, Melior operates monitoring services to observe and catalog attempts of compromise, Penetration Testing scans, and keeps track of Denial-of-Service attacks. A particular focus is given to the payload of Spam e-mails to aid Research & Development of another Melior CyberWarfare product against the Denial-of-Service conditions created by Spam.

Within the last two days, the monitors reported quarantines of a drastically higher number of hostile executables embedded in Spam messages. From a typical, consistent average of under 50 such hostile attachments in one of these monitors, the number started to slowly increase on November 21st to about 5 times the normal average, and as of Saturday climbed to 12 times the average. As of Sunday, December 6th, the number of hostile executable attachments has reached the unprecedented level of 42.6 times the normal average, and keeps climbing.

So far, the originating source IP addresses are located in Asia and Europe. Melior expects this number to increase further, as the business day in the United States starts on Monday morning.

The observation lends to conclude this pattern is an indication of renewed efforts to compromise larger numbers of PC systems in an effort to build a very large "bot" network; hence the term of the "mother of all bot nets".

Melior advises to verify this information at other Internet monitoring sites, and to take appropriate precautions.

About Melior
Melior Inc. ('melior' is Latin and means 'better') is a privately held US company headquartered in Dallas, Texas, with offices in Dortmund, Germany and New Delhi, India. Melior provides solutions against distributed Denial-of-Service (dDoS) attacks, which also protect against Penetration Testing for vulnerability exploitation.

Melior, Inc. contributes actively in anti-Crime and anti-Terrorism efforts with goverment agencies in the United States and in Europe.

Barbican, Barbican RNP, iSecure, Perfectionists At Work are registered trademarks of Melior, Inc.

For more information and reseller contacts, please visit Melior's CyberWarfare Defense web site at www.dDoS.com

Contact Information:
Mr. Matt Gair
Chief Operating Officer and Co-Founder
Melior, Inc.
US Headquarters
Columbus A. Langley Building
1501 Beaumont Street
Dallas, Texas 75215
USA
Tel: +1 (214) 421-5975 and 1-888-4MELIOR
Fax: +1 (214) 421-5951 and 1-888-TOFAXUS
www.dDoS.com

# # #

This article courtesy of  http://www.monitorshq.com.
You may freely reprint this article on your website or in
your newsletter provided this courtesy notice and the author
name and URL remain intact.
 

 

Advertise here!

Sign up for our monitors   newsletter here!

Enter Email Address Here:

 

http://www.monitorshq.com is an information web site focused on Monitors. http://www.monitorshq.com does not represent or endorse the accuracy or reliability of any of the information, content or advertisements contained on, distributed through, or linked, downloaded or accessed from any of the services contained on this website. Any complaints should be directed to the individual businesses. Mention of and links to third party companies and products are for informational purposes only and constitute neither an endorsement nor a recommendation and are not intended to suggest any affiliation unless expressly stated. http://www.monitorshq.com reserves the right in its sole discretion and without any obligation to make improvements to or correct any error or omissions in any portion of the Service.