The folks over at FireEye report (http://blog.fireeye.com/research/2009/11/smashing-the-ozdok.html) on one of their takedown efforts against the Ozdok (aka Mega-D) botnet. Victims of this infection have pop-up advertisements pushed to their systems, and the machines are used to send spam—a significant amount of spam according to M86 Security (http://www.m86security.com/TRACE/traceitem.asp?article=510). More information is available from Joe Stewart: http://www.secureworks.com/research/threats/ozdok/.
Kevin Liston, ISC Handler, Nov 8th 2009
I guess this is good news - the article suggests that they don't have 100% control as of yet, and if the bot herders regain control for a bit they can push new versions with new and different CnC domains.
The link suggests that this botnet may have approximately 264K members, which may underestimate the population if a lot of the infected machines are behind firewalls doing NAT. I would tend to agree that the walled-garden approach probably makes sense. It cuts the infected machines off from any other sources of malware until they can be reimaged or cleaned. There is a market out there for people to do cleanups/reinstalls/virus removal from machines. Average users really aren't going to have enough experience with this sort of thing. If someone came to me and I didn't feel like doing it myself (usually the case), I don't know who I would recommend. I see horror stories about the "services" offered at some stores.
Anonymous, Nov 8th 2009