June 7, 2005
More info about the Glieder trojan
This EWeek article on the Glieder trojan has some good information about how the trojan works and why it's important to be aware of. It apparently represents the most advanced botnet-creating software out there. The infection proceeds in successive waves: the first trojan downloads a second, known as Fantibag (which disables antivirus software), and then a third, known as Mitglieder, which turns the compromised machine into a member of a botnet.
"These guys have worked out that they bypass past signature scanners if they tweak their code and then release it quickly. The idea is to hit hard and spread fast, disarm victims and then exploit them," Thompson said in an interview with Ziff Davis Internet News.
He said he thinks the attack, which used virus code from the Bagle family, is the work of a very small group of organized criminals. "There's no doubt in my mind we are dealing with organized crime. The target is to build a botnet or to add to existing ones. Once the botnets reach a certain mass, they are rented out for malicious use."
"There's a black market for infected computers. The bigger your botnet, the more money you can make," Thompson said. He said researchers tracking underground hacker activity had seen a price tag of about 5 cents per infected machine.
That seems rather cheap, but given that another recent study found that there might be as many as 175,000 new bots created in a given day, that's probably about right. And it should also provide an enormous impetus to keep the botnet engines stoked.
Posted by schampeo at June 7, 2005 10:42 AM