Linked by Thom Holwerda on Wed 22nd Apr 2009 21:44 UTC
Privacy, Security, Encryption

Researchers at security firm Finjan have uncovered a massive botnet of Windows machines. The botnet is 1.9 million machines strong, with many of the machines located in the United States: 45% of them are located in the US. The researchers detailed their findings at the RSA Conference in San Francisco.
Think about how they got the info
by KenJackson on Thu 23rd Apr 2009 00:24 UTC
KenJackson Member since:
2005-07-18

As folders on this server were left open, we were able to get more information for our research.

That sounds like they are spying on the screen content of the control server, but that they can't access files on disk. Maybe they commandeered a web cam in the same room that faces the server. If the criminals got wind that they were being spied on, maybe they left some highly inflated and misleading data on the screen.

I wonder if the final report will be a "Spy vs. Spy" episode in Mad Magazine.

DittoBox Member since:
2005-07-08

SMB shares most likely. I sincerely doubt the control server runs VNC that's open to anyone.

Score: 2

KenJackson Member since:
2005-07-18

Whatever the mechanism, one has to wonder if they are clever enough to do the crime, they may well be clever enough to leave misleading information lying around for researchers to glom onto.

Score: 2

libray Member since:
2005-08-27

The command and control system which was connected is probably a temporary, bot-infected one itself. The C&C will change over time and there could be many dozens of them at a time.

The C&C most likely is not the bot master's system.

Score: 2