Zombies Blend In With Regular Web Traffic
An anonymous reader writes "Hackers controlling farms of zombie computers are now trying to blend in with web traffic, News.com reports. Instead of traditional IRC controls, many zombie farms are moving to simple web-based control schemes, which makes them harder to track down." From the article: "The change in tactics makes it harder to identify zombies on a network, and it becomes tougher for security professionals to use the hackers' own tools to spy on them. In addition, the switch to Web-based control increases the threat of zombies to enterprises and other organizations, as that method can't be blocked as easily as the previous technique."
Impact to advertising (Score:5, Interesting)
Zombie spambots are attacking my site as we speak (Score:5, Interesting)
Anybody else seeing this kind of stuff happening?
HA HA!!!! (Score:3, Interesting)
Now you have to block port 80 as well... Good luck with that
The bad guys have orders of magnitude more money behind them than the good guys, it's obvious who will win.
Spamhaus saves the day again? (Score:5, Interesting)
"The Spamhaus Exploits Block List (XBL) is a realtime database of IP addresses of illegal 3rd party exploits, including open proxies (HTTP, socks, AnalogX, wingate, etc), worms/viruses with built-in spam engines, and other types of trojan-horse exploits."
zombie control by steganography (Score:4, Interesting)
The enterprise response (Score:4, Interesting)
Spamhaus is in legal trouble (Score:3, Interesting)
Once GoDaddy gets the court order to switch off Spamhaus's domain, how will you use SBL/XBL?
You've got a point (Score:5, Interesting)
I can actually imagine the botnets and the blog spammers getting together on this. Someone blasts a bunch of nonsensical comments to various blogs, wikis, guestbooks, etc. They monitor them to see which ones get cleaned up. The ones that don't get cleaned up are designated as sources for commands. Then the spambots start posting encoded commands along with the blogspam, and the zombies start reading the blogs' comments to get instructions.
Talk about a disturbing synergy.
Re:Zombie spambots are attacking my site as we spe (Score:3, Interesting)
Yes, if you
The "dot" could in extreme cases be used. But if it's replaced by a period (and placed such that it fits with normal syntax, following a word and followed by a space), that too becomes unrecognizable. It's going to catch an enormous number of false positives.
The only remaining vulnerability is to search for "gmail", "yahoo" or "hotmail". I'm afraid I don't know a solution for that one, unless someone knows a way to mask domain names as well?
"Protect your email address: Write in leetspeak!"
Re:You've got a point (Score:3, Interesting)
I've used this particular group to track spam trends. For instance, look at the spam boomlet in this group at the end of 2003 after the Sobig worm (http://en.wikipedia.org/wiki/Sobig_worm) did its damage.