Botnet turf wars

Spam researchers have discovered an ongoing turf war between "botnet" masters who are attempting to infect rivals' computers and then kick out rivals' own spyware so that the computers they compromise become uniquely theirs.

Botnet computers are machines (generally running one of the notoriously insecure Windows OSes) that are infected with malicious software that lets criminals use them to send spam and launch denial-of-service attacks as part of extortion rackets.

It's not uncommon for a computer to be recruited for more than one botnet, but when this happens, the different criminal masters have to share its resources. With the latest turn, botmasters are turfing each other out of the machines they compromise.

Kaspersky Lab senior virus analyst Alexander Gostev, writing in the latest Malware Evolution report, states that “war had been declared in cyberspace between the groups producing Warezov and Zhelatin. Taking into account the size of the botnets used by both groups, and their clear aim to conduct a large number of attacks, the situation was clear: this was threatening to become one of the most serious problems on the Internet in recent years.” Gostev identifies three groups from different countries who were all busy with the same thing: creating spam harvesting and distribution botnets. “This brought the three groups into conflict with each other, and they are willing to use everything at their disposal to gain an advantage,” Gostev concludes.

The end result has been a huge increase in attacks on users, with an emphasis on developing new techniques to infect end users and evade detection by AV filters. If you need any evidence of this, 32% of all malicious code in email traffic during March 2007 was made up of Trojan-Spy.HTML.Bankfraud.ra, according to Kaspersky, a clear indication that Bagle, Warezov and Zhelatin have created an epidemic.


(via /.)