Kraken

Kraken is another variant of polymorphic malware, which constantly changes to avoid detection and removal. Kraken appears as an image file to its victims, hiding the the .exe extension from view. The actual payload of the file is encrypted. Once the file is opened, Kraken copies itself to the local machine, restarts and then deletes the original copy. The botnet created with Kraken demonstrates considerable resiliency, using built-in redundancy features to automatically generate new domain names if the botmaster's server is shut down or disabled.

To date, Damballa estimates that Kraken has infected over 400,000 machines, including those of at least 50 of the Fortune 500. Damballa also reports that the malware is undetectable by the antivirus software installed on over 80 percent of infected machines.

Read more about Kraken: - Dennis Fisher reported that Kraken botnet had ballooned to dangerous levels. - Kelly Jackson Higgins wrote about the world's biggest botnet at DarkReading.com. - Brian Krebs investigates how Damballa gathered its data.

Do you have something to add to this definition? Let us know. Send your comments to techterms@whatis.com

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT New defenses for automated SQL injection attacks By automating SQL injection attacks, hackers have found a way to expedite the process of finding and exploiting vulnerable websites. The old defenses... Information security book excerpts and reviews Visit the Information Security Bookshelf for book reviews and free chapter downloads. Yahoo, McAfee to warn users of dangerous websites Websites suspected of spreading malicious programs or spamming and phishing campaigns will be highlighted in search results.

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary bot worm  (SearchSecurity.com) A bot worm is a self-replicating malware program that resides in current memory, turns infected computers into zombies (or bots) and transmits itself... cache poisoning  (SearchSecurity.com)