Security Blog Log: Clues point to bot 'sleeper cells'
This week, experts in the blogosphere worried about some troubling activity that could be interpreted to suggest that an unknown number of botnets are preparing for something big. One such warning came from an information security investigator who goes by the online name SecurityMonkey. In his A Day in the Life of an Information Security Investigator blog, he compares recent bot activity to that of a sleeper cell preparing for a big terrorist attack.
He then directed readers to a March 7 write-up from researcher Juuso Hukkanen in the Newsreader blog describing possible evidence of a future "mass-hack." "During the last few days a bot using the name FuntKlakow has been registering to at least hundreds (maybe thousands) of phpBB forums," Hukkanen wrote. Next time a critical phpBB vulnerability is announced, he said, the bot will "have everything ready … just a post click away from attacking thousands of sites/forums."

As SecurityMonkey pointed out, Hukkanen noticed something strange, "like a waiter who checks the silverware on his guests' tables before dinner and notices something out of place. [It's] a perfect example of how a sleeper cell network of virtual 'terrorbots' could cause mass havoc in a short period of time."

Up to this point, botnets have been used primarily to relay large amounts of spam and launch distributed denial-of-service (DDoS) attacks. But, SecurityMonkey said, "imagine if a few of these botnets were convinced to join a noble cause or (were) taken over by other sleeper cell bots. What if they decided to concentrate their attacks on the root name servers? Military networks? Government service Web sites? Or, for God's sake, Starbucks.com! Total mayhem could erupt in the monkey household."

He said the moral of the story is this: Investigators must take the extra time to notice things in everyday life, during investigations and through casual observation that might be significant three days from now, a year from now, or 10 years from now. "The seemingly harmless act of a new username appearing on a car-talk forum may not raise an eyebrow," he said. "But the behavior of that username (or lack thereof) could be a clue."

eBay accounts for sale
While the writing on the site in question is in Russian, Sunbelt Software CEO Alex Eckelberry said the basics of the text are that:
"As is our normal practice," Eckelberry said, "we have reported this to our security contacts at eBay." The Sunbelt blog entry includes screen images from the Russian site.