Kraken botnet balloons to dangerous levels
Monday, April 7. 2008
A large botnet, estimated to be roughly twice the size of the one created by the Storm Trojan, has been gathering strength for the last several months, gaining more than 100,000 new machines in the last month alone.
Known as Kraken, the malware that infects the victims' PCs is somewhat similar to the Storm Trojan and others like it, in that it uses encrypted communications and has the ability to move command and control functionality around the botnet if need be, according to researchers at Damballa Inc., a security vendor that has been tracking the Kraken botnet. And, like most botnets, the purpose of the Kraken network seems to be the propagation of massive amounts of spam. Damballa officials say they have seen individual machines sending as many as 500,000 spam messages in a single day.
But, unlike both Storm and Nugache, the Kraken botnet does not use a peer-to-peer architecture. Instead, the malware code includes a list of domains in which the C&C server might be located, and once a new machine is infected it begins looking through that list to find the current location. If a C&C server is taken down, as often happens with large botnets, Kraken's creator can simply move the command and control function to another domain in the hard-coded list, said Paul Royal, principal researcher at Damballa, of Atlanta.




