Members
  • Total Members: 12816
  • Latest: t114563
Stats
  • Total Posts: 28524
  • Total Topics: 8240
  • Online Today: 922
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)












Author Topic: Srizbi botnet flounders after McColo shutdown  (Read 1184 times)

0 Members and 1 Guest are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7206
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
Srizbi botnet flounders after McColo shutdown
« on: 19. November 2008., 08:50:07 »


Large numbers of infected computers have been searching in vain for the Srizbi botnet disrupted by the disconnection of ISP McColo a week ago, a security vendor has found.

According to FireEye Security, the company has detected a total of 450,000 compromised IP addresses have been trying to connect to Sribzi-controlled command and control computers that would have been hosted by McColo until it disappeared.

The company identifies Srizbi by monitoring computers that attempt to connect to IP addresses 75.127.68.122 or 64.22.92.154 from November 12 onwards, and recommends that admins check firewall logs to trace http traffic opening ports to these locations.

Spam drop could boost Trojan attacks

The majority of infected PCs will likely be poorly-protected consumer PCs, but in principle an IP connection attempts can come from any PC, servers included. If infected PCs are located on a network, the company cautions that cleaning a system might not be straightforward.

"Srizbi installs a rootkit that hides its changes to system files and registries. In environments where periodic system snapshots are taken, it will be easier to perform a system restore from a known clean snapshot," says a company blog.

Srizbi is only one of a number of high-profile botnets that have been severely disrupted by the de-peering of US-based ISP McColo, after complaints about its alleged hosting of criminal networks. In a working state, Srizbi would use compromised PCs to flood the world with spam.

It's not clear whether the news that McColo managed to fire into action briefly in recent days will have helped the botnet move its zombie PCs to new controllers hosted elsewhere.

FireEye explains its traffic-analysis system in more detail on its website, and has also published a list of tools for cleaning up PCs affected by Srizbi.

(NetworkWorld)

Samker's Computer Forum - SCforum.info

Srizbi botnet flounders after McColo shutdown
« on: 19. November 2008., 08:50:07 »




 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising