Botnets + hacking kits + Web app holes = good times for cybercriminals

Criminal-controlled botnets are becoming more resilient and powerful than ever. It’s easier than ever for even low-skilled hackers to supply botnets with freshly infected PCs via user-friendly hacking tool kits. And many of them are using these tool kits to spread infections on weakly protected web pages put up by legitimate corporations.

Those are conclusions from recent security reports from Symantec’s MessageLabs division, Microsoft, M86 Security, WhiteHat Security and Imperva.

The MessageLabs report and Microsoft report both show that even when the good guys shut down ISPs hosting large swarms of infected PCs spewing spam, the bad guys “quickly recover and continue to send malicious content almost uninterrupted,” says Paul Wood, MessageLabs Intelligence Senior Analyst.

Rustock, the largest and most powerful botnet, controls between 1.6 million and 2.4 million infected PCs; it has increased spam output by 300% in recent months and is responsible for a third of global spam. The top three Rustock-infected countries are India, the USA, and Brazil, says Wood.

Hacking tool kits readily for sale

The M86 report details the rise of hacker tool kits, counting more than a dozen new kits being marketed on the Internet in the past six months. Most of these kits are in Russian, such as Adpack and Fragus, perhaps indicating the location of buyers, and the majority take advantage of security weaknesses in Adobe Flash, JavaScript and Adobe PDF readers.

Kits with names like Crimepack, WebAttacker, MyPolySploit, XCore, UniquePack and LuckySploit typically sell for $100 to $1,000, and all include basic coding to infect PCs and have them report to a botnet controller, says Bradley Anstis, VP of Technology Strategy for M86 Security.

Meanwhile, the Ponemon Institute recently surveyed 627 IT pros at more than 400 multinational enterprises and government organizations in a study sponsored by WhiteHat Security and Imperva. The survey shows that more than 55% of developers writing Web programs are too busy to respond to security issues, while 74% of the survey respondents said they don’t have a dedicated security team.

The circle of (criminal) life

“Botnets are PCs that have been infected with malware. Malware predominantly spreads by exploiting unpatched Web browsers which people use to visit legitimate, yet infected websites,” says Jeremiah Grossman, CTO of WhiteHat Security.

Websites, in turn, are getting infected by hackers using toolkits honed to search out webpages ripe for SQL injection attacks, which crack into the database layer of weakly-protected websites. Click on a tainted webpage and you won’t notice anything. Your PC gets turned into an obedient “bot,” and for good measure all of your account logons routinely get stolen.
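The “weakly-protected” database layer the toolkits hunt for usually comes down to one coding mistake: pasting user input straight into SQL text. The following is an added example, not code from the article or from any of the vendors it cites; it uses Python’s built-in sqlite3 module, a constructed three-row users table, and a constructed tautology input to show why the spliced-string query is exploitable and why the parameterized form is not.

```python
import sqlite3

def make_db():
    # Constructed sample table with fake accounts (not real data).
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password_hash) VALUES (?, ?)",
        [("alice", "hash-a"), ("bob", "hash-b"), ("carol", "hash-c")],
    )
    return conn

def lookup_vulnerable(conn, username):
    # The weak pattern: the request parameter becomes part of the SQL text,
    # so any quote character in the input changes the query's grammar.
    sql = "SELECT username FROM users WHERE username = '%s'" % username
    return [row[0] for row in conn.execute(sql)]

def lookup_parameterized(conn, username):
    # The hardened pattern: the driver binds the value separately from the
    # query text, so the input is only ever compared as data.
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]

def demo():
    # Runs both lookups with a normal username and with a constructed
    # tautology input; returns the row sets so they can be compared.
    conn = make_db()
    normal = "alice"
    crafted = "x' OR 'a'='a"   # constructed input, illustrates the defect only
    return {
        "vulnerable_normal": lookup_vulnerable(conn, normal),
        "vulnerable_crafted": lookup_vulnerable(conn, crafted),
        "safe_normal": lookup_parameterized(conn, normal),
        "safe_crafted": lookup_parameterized(conn, crafted),
    }

if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```

The vulnerable version returns every account for the crafted input because the WHERE clause collapses to a condition that is always true; the parameterized version returns nothing because the whole string is compared literally against the username column. Replacing string formatting with bound parameters, as the second function does, is the single change that takes a page off the toolkits’ target list for this class of attack.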

“Welcome to the cat and mouse game,” says Anstis. “Every time an infected bot gets remediated or a botnet gets taken down, the blackhats develop new ways to get around that.”

Chart courtesy of Symantec’s MessageLabs Intelligence; Crimepack tool kit screenshot courtesy of M86.

By Byron Acohido
