How does a malware-driven botnet operate?

October 9, 2014

Wayne Huang, a security researcher at Proofpoint, has been able to look closely at how a Russian cybercrime group built and operated a network of roughly 500,000 infected computers. The results are quite interesting.

There isn't anything particularly novel in the attack approach: "Modern threats frequently use an integrated system of legitimate but compromised websites, obfuscated redirects, “traffic redirection system” (TDS) filters, exploit kit hosting sites, and malware hosting sites." The layering is what makes the combination effective and flexible: any one link (a compromised site, a redirector, a TDS, an exploit kit host) can be swapped out without disturbing the rest, and the infected hosts at the end of the chain can be put to several uses.
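From the defender's side, the chain above leaves a recognisable footprint in web-proxy logs: a visit to an ordinary page is followed, within seconds, by referer-linked hops across several unrelated hosts that end in a Java, Flash or executable download. The script below is an added example, not code from this post or from the Proofpoint report. It reconstructs referer-linked chains per client from a small set of constructed log lines (all hostnames are hypothetical) and flags chains that match that shape. The second client in the sample reaches the same TDS but gets a harmless page, which is how a TDS filter behaves for visitors it does not want to exploit. The thresholds and payload content types are heuristics chosen for this illustration, not values from the report.

```python
"""Reconstruct HTTP redirect chains from proxy log lines and flag the ones that
look like compromised site -> redirect -> TDS -> exploit kit -> payload.
Added example with constructed data; hostnames and thresholds are hypothetical."""
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Constructed sample log, one request per line:
#   timestamp client method url status content-type referer ("-" if none)
SAMPLE_LOG = """\
2014-10-07T10:00:01 10.1.1.5 GET http://news.example-blog.com/post/42 200 text/html -
2014-10-07T10:00:01 10.1.1.5 GET http://news.example-blog.com/wp-content/themes/x/style.css 200 text/css http://news.example-blog.com/post/42
2014-10-07T10:00:02 10.1.1.5 GET http://cdn-stat.example.net/js/count.js 200 application/javascript http://news.example-blog.com/post/42
2014-10-07T10:00:03 10.1.1.5 GET http://go.tds-example.org/in.cgi?3 302 text/html http://cdn-stat.example.net/js/count.js
2014-10-07T10:00:04 10.1.1.5 GET http://land.ek-example.biz/index.php?q=abc 200 text/html http://go.tds-example.org/in.cgi?3
2014-10-07T10:00:05 10.1.1.5 GET http://land.ek-example.biz/payload.jar 200 application/java-archive http://land.ek-example.biz/index.php?q=abc
2014-10-07T10:00:06 10.1.1.5 GET http://dl.example-host.ru/update.exe 200 application/octet-stream -
2014-10-07T10:05:00 10.1.1.9 GET http://news.example-blog.com/post/42 200 text/html -
2014-10-07T10:05:01 10.1.1.9 GET http://cdn-stat.example.net/js/count.js 200 application/javascript http://news.example-blog.com/post/42
2014-10-07T10:05:02 10.1.1.9 GET http://go.tds-example.org/in.cgi?3 200 text/html http://cdn-stat.example.net/js/count.js
"""

# Content types treated as "active payload" for the heuristic (illustrative list).
PAYLOAD_TYPES = {
    "application/java-archive",
    "application/x-shockwave-flash",
    "application/octet-stream",
    "application/x-msdownload",
}


def parse_log(text):
    """Parse the whitespace-separated constructed log format into dicts."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, method, url, status, ctype, referer = line.split()
        records.append({
            "ts": datetime.fromisoformat(ts),
            "client": client,
            "method": method,
            "url": url,
            "status": int(status),
            "ctype": ctype,
            "referer": None if referer == "-" else referer,
        })
    return records


def build_chains(records, window=timedelta(seconds=30)):
    """Group each client's requests into referer-linked chains.

    A request joins the chain that contains its Referer URL (if that request
    was seen within `window`), or the chain whose last response was a 3xx
    redirect issued just before it (a Referer is not always sent after a
    redirect). Otherwise it starts a new chain."""
    chains = []
    by_url = {}          # (client, url) -> index of chain holding that url
    last_by_client = {}  # client -> index of chain of the client's last request
    for r in sorted(records, key=lambda x: (x["client"], x["ts"])):
        idx = None
        ref_key = (r["client"], r["referer"])
        if r["referer"] and ref_key in by_url:
            cand = by_url[ref_key]
            if r["ts"] - chains[cand][-1]["ts"] <= window:
                idx = cand
        if idx is None and r["client"] in last_by_client:
            cand = last_by_client[r["client"]]
            prev = chains[cand][-1]
            if 300 <= prev["status"] < 400 and r["ts"] - prev["ts"] <= window:
                idx = cand
        if idx is None:
            chains.append([])
            idx = len(chains) - 1
        chains[idx].append(r)
        by_url[(r["client"], r["url"])] = idx
        last_by_client[r["client"]] = idx
    return chains


def hostname(url):
    return urlparse(url).hostname or ""


def suspicious(chain, min_hosts=3):
    """Heuristic: the chain starts on an HTML page, hops across at least
    `min_hosts` distinct hosts, and fetches an active payload somewhere along
    the way. A chain that reaches a TDS but is filtered out never fetches a
    payload and is therefore not flagged."""
    if len(chain) < min_hosts:
        return False
    hosts = {hostname(r["url"]) for r in chain}
    return (chain[0]["ctype"] == "text/html"
            and len(hosts) >= min_hosts
            and any(r["ctype"] in PAYLOAD_TYPES for r in chain))


def flagged_chains(text):
    """Return the URL sequences of every suspicious chain in the log text."""
    return [[r["url"] for r in c]
            for c in build_chains(parse_log(text)) if suspicious(c)]


if __name__ == "__main__":
    for chain in flagged_chains(SAMPLE_LOG):
        print(" -> ".join(chain))
```

Run stand-alone it prints one chain: the first client's path from the blog post through the stats script, the TDS and the exploit-kit landing page to the .jar payload. The second client's visit stops at the TDS with a 200 and no payload, so it is not flagged; the trailing .exe download carries no Referer and would need a separate rule (for example, a binary download from a never-seen host within a minute of a flagged chain) to be tied back to it.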

Perhaps most interesting is that the group actually did use the infected hosts in several ways, including:
– financial identity theft
– selling internet traffic routed through the infected machines
– renting out the botnet

That is a lot of ways to monetize a single infection, and at this scale a lot of potential income. It is the kind of income that makes you stop and think: is this a situation we have created and are willing to live with? Surely there must be a better way to cut off the cash flow and keep everyone out of trouble.

Get all the details from the report here:
http://cdn2.vox-cdn.com/uploads/chorus_asset/file/2340876/proofpoint-analysis-cybercrime-infrastructure-20141007.0.pdf
