Wilson Technology Group and More

Your One Stop IT and Telecommunications Firm

Botnet Propagation


Botnet operators, also known as “bot farmers,” use a variety of methods to build their networks of bots.  Common methods include email viruses, Internet worms, drive-by downloads of malware, Trojans distributed on portable storage devices, and more.  As a case in point, a sweeping report about the Koobface botnet reveals how its architects infected more than 2.9 million computers.  The Koobface operators used social networking tactics on the world’s leading social network platforms – Facebook, Twitter, and MySpace – to spread the botnet malware.

Koobface primarily targeted Facebook.  Its main means of propagation was through fraudulent Facebook messages that enticed recipients to watch a video, such as an embarrassing video captured by a hidden camera.  Once users clicked on an embedded link in the message, they would be taken to a compromised site hosting the malware.  Then, when users tried to view the video, they would be instructed to update their Adobe Flash Player or download a new codec.

If users agreed to install the fake update, they would unwittingly download the Koobface malware.  Then, when these users logged into their Facebook accounts, the Koobface malware would send malicious messages to a new host of victims.

The techniques used to propagate Koobface are typical of the entire botnet industry:  viruses, worms, and Trojans spread through application and system vulnerabilities or social engineering tactics.

Visit http://www.wilsontechgroup.com for more information.

Taken from:  Imperva

 
