There is a market for malware tools, complete with buyers, sellers, and middlemen or “guarantors” who vouch for a seller and his/her product. In fact, there is a “developer ecosystem” around the development of plugins for some of the more popular kits.
These tools are effective even if they are simplistic from a technical perspective. It is not just the big, well-known botnets that are of concern; smaller (and often targeted) botnets present significant security concerns as well.
Recently, we found a forum post advertising a malware bot for sale, and we found a command and control server being used with this bot kit. An attacker using this bot was able to acquire usernames and passwords from HTTPS sessions of over 2000 Internet users, many of which were for web hosting accounts. (Read the entire post here.)
With the help of AusCERT we were able to notify the affected parties and the .WS domain registrar suspended the command and control server domain names. China CERT also appears to have disabled the C&C operating in China.
