[+] Wayc0de's Blog[+]

07/09/11

Botnet rentals reveal the darker side of the cloud

The operators of the TDSS botnet are renting out access to infected computers for anonymous Web activities

Cloud computing isn't just opening up new opportunities for legitimate organizations worldwide; it's also proving a boon for cybercriminals, inexpensively and conveniently putting powerful, disposable computing resources at their fingertips so they can do their dirty work quickly and anonymously.

Among the latest examples of this unfortunate trend comes via Kaspersky Lab: The company has reported that the operators of TDSS, one of the world's largest and most sophisticated botnets, are renting out infected computers to would-be customers through the awmproxy.net storefront. Not only has the TDSS crew developed a convenient Firefox add-on, it's accepting payment via PayPal, MasterCard, and Visa, as well as e-currencies like WebMoney and Liberty Reserve.

Also known as TDL-4, the TDSS malware uses a rootkit to infect Windows-based systems, allowing outsiders to route their Web traffic anonymously through the affected machines, according to Kaspersky researchers Sergey Golovanov and Igor Soumenkov. The malware also removes some 20 rival malicious programs from infected PCs, cutting them off from other bot families. (Evidently, botnet operators are becoming increasingly competitive with one another.)

According to the researchers, the operators of TDSS are effectively offering anonymous Internet access as a service for about $100 per month. "For the sake of convenience, the cybercriminals have also developed a Firefox add-on that makes it easy to toggle between proxy servers within the browser," they reported.
According to Golovanov, once a machine is infected, a component called socks.dll notifies awmproxy.net that a new proxy is available for rent; soon after, the infected PC begins accepting proxy requests.
Notably, Kaspersky offers a free removal utility for TDSS, dubbed TDSSKiller.
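Because an infected host ends up listening for proxy requests, one practical check on a network you administer is to sweep hosts for an unexpectedly open SOCKS service. The following is an added example written for this post, not code from InfoWorld, Kaspersky, or the TDSS authors: it assumes (the article only names the component socks.dll and does not state the protocol) that the rented-out proxy speaks SOCKS5 per RFC 1928, sends the client greeting, and classifies the server's method-selection reply. The tiny in-process responder at the bottom is a constructed stand-in for an infected host so the script runs offline; point probe_socks5 at real addresses and ports to use it for an actual sweep.

```python
"""Probe hosts for an unexpectedly open SOCKS5 service (RFC 1928).

Added example; the assumption that the proxy component on an infected
PC speaks SOCKS5 is ours, not something the article states.
"""
import socket
import threading

SOCKS5_VERSION = 0x05
METHOD_NO_AUTH = 0x00
METHOD_USERPASS = 0x02
METHOD_NONE_ACCEPTABLE = 0xFF

METHOD_NAMES = {
    METHOD_NO_AUTH: "open (no authentication required)",
    0x01: "GSSAPI",
    METHOD_USERPASS: "username/password",
    METHOD_NONE_ACCEPTABLE: "no acceptable method",
}


def build_greeting(methods=(METHOD_NO_AUTH, METHOD_USERPASS)):
    """RFC 1928 client greeting: VER | NMETHODS | METHODS."""
    if not 1 <= len(methods) <= 255:
        raise ValueError("SOCKS5 allows 1..255 offered methods")
    return bytes([SOCKS5_VERSION, len(methods), *methods])


def parse_method_reply(reply):
    """Return the selected method byte from a 2-byte method-selection
    reply, or None when the bytes are not a SOCKS5 reply at all
    (wrong length or version, e.g. an HTTP banner)."""
    if len(reply) != 2 or reply[0] != SOCKS5_VERSION:
        return None
    return reply[1]


def classify_reply(reply):
    """Map a raw reply to a human-readable finding."""
    method = parse_method_reply(reply)
    if method is None:
        return "not SOCKS5"
    return "SOCKS5, " + METHOD_NAMES.get(method, "method 0x%02x" % method)


def probe_socks5(host, port, timeout=3.0):
    """Send a greeting to host:port and classify the answer.

    Connection failures are returned as text rather than raised, so a
    sweep over many hosts keeps going.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_greeting())
            reply = b""
            while len(reply) < 2:           # the reply is exactly 2 bytes
                chunk = s.recv(2 - len(reply))
                if not chunk:
                    break
                reply += chunk
    except OSError as exc:
        return "unreachable (%s)" % exc.__class__.__name__
    if not reply:
        return "connection closed without reply"
    return classify_reply(reply)


def start_fake_socks5(reply=bytes([SOCKS5_VERSION, METHOD_NO_AUTH])):
    """Constructed stand-in for an infected host's proxy, used only so
    the demonstration runs offline. Answers one connection with the
    given method-selection reply and returns the port it listens on."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.recv(64)                   # consume the client greeting
            conn.sendall(reply)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


if __name__ == "__main__":
    port = start_fake_socks5()
    print("127.0.0.1:%d -> %s" % (port, probe_socks5("127.0.0.1", port)))
```

An "open (no authentication required)" result on a workstation that has no business proxying traffic is the signal worth chasing; a username/password answer still means something is listening for proxy clients and deserves a look, since a rented proxy would be expected to gate access to paying customers.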

This isn't the first instance of an organization making expansive cloud-based systems available to potential ne'er-do-wells, though it's arguably among the most brazen. Amazon Web Services, for example, has been used to run cheap brute-force attacks and could be abused for other unsavory ends as well, such as sending spam.

nb : infoworld
