infosec-news September 2010 archive
Main Archive Page > Month Archives  > infosec-news archives
infosec-news: [ISN] Botnet takedown may yield valuable data

[ISN] Botnet takedown may yield valuable data

From: InfoSec News <alerts_at_nospam>
Date: Fri Sep 03 2010 - 06:28:34 GMT
To: isn@infosecnews.org

http://www.computerworld.com/s/article/9183299/Botnet_takedown_may_yield_valuable_data

By Jeremy Kirk
IDG News Service
September 2, 2010

Researchers are hoping to get a better insight on botnets after taking
down part of Pushdo, one of the top five networks of hacked computers
responsible for most of the world's spam.

Thorsten Holz, an assistant professor of computer science at
Ruhr-University in Bochum, Germany, said his group is working on an
academic paper focused on methods to figure out what type of malicious
spamming software is on a computer that sent a particular spam e-mail.

They looked at several of the major spamming botnets, including Mega-D,
Lethic, Rustock as well as Pushdo and Cutwail, two kinds of malware that
appear to sometimes work together as part of the same botnet.

Holz said they found that Pushdo had a special characteristic in that
more than half of its command-and-control servers were concentrated
within one hosting company. Botnets use command-and-control servers to
issue instructions to the infected PC, such as uploading spam templates
and the target e-mail addresses to send spam.

[...]

_______________________________________________________
Subscribe to InfoSec News - www.infosecnews.org
http://www.infosecnews.org/mailman/listinfo/isn