Tuesday, November 17, 2009
Shadowserver to Take Over as Mega-D Botnet Herder
The infected computers are part of a botnet called Ozdok or Mega-D, which at one time was sending out around 4 percent of the world's spam messages.
Last week, security vendor FireEye launched a drive to dismantle the botnet. The infected computers receive instructions and information for new spam campaigns through command-and-control servers. FireEye contacted the network providers that hosted those servers, and most were shut down.
That meant that the people controlling the hacked PCs, known as botnet herders, couldn't contact most of their bots anymore. Spam from Mega-D almost stopped entirely. FireEye also cut off a second redundancy mechanism the herders programmed into Mega-D.
If the infected machines can't contact a command-and-control server, they're programmed with an algorithm that will generate a random domain name and try to contact that domain daily. The herders know what this domain will be and can upload new instructions there. PC World
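The daily rendezvous-domain fallback described above, as an added illustration that is not from the article, FireEye or Shadowserver: a toy date-seeded generator and the defender-side precomputation that lets a sinkhole operator register the upcoming domains before the herders do. The seed, hash construction and TLD list are assumptions for illustration, not Mega-D's real algorithm.

```python
# Added example: a toy date-seeded domain-generation fallback of the kind the
# article describes, plus the defender-side precomputation that lets a
# sinkhole operator register upcoming domains ahead of the botnet herders.
# SEED, TLDS and the hashing scheme are constructed for illustration only.
import datetime
import hashlib

SEED = b"constructed-example-seed"   # assumption: per-family secret recovered from a sample
TLDS = ["com", "net", "org"]         # assumption: small TLD rotation
LABEL_LEN = 12


def domain_for_date(day: datetime.date, seed: bytes = SEED) -> str:
    """Deterministically derive the rendezvous domain for one calendar day.

    Every bot computes the same value because the inputs (date + seed) are
    identical on every infected host; the 'random' name is not random at all.
    """
    digest = hashlib.sha256(seed + day.isoformat().encode()).digest()
    # Map the first LABEL_LEN digest bytes to lowercase letters for the hostname label.
    label = "".join(chr(ord("a") + b % 26) for b in digest[:LABEL_LEN])
    tld = TLDS[digest[-1] % len(TLDS)]
    return f"{label}.{tld}"


def upcoming_domains(start: datetime.date, days: int, seed: bytes = SEED) -> list:
    """Defender view: once the algorithm and seed are known (e.g. from reverse
    engineering a sample), precompute the next `days` domains so they can be
    registered or pointed at a sinkhole before the herders use them."""
    return [domain_for_date(start + datetime.timedelta(days=i), seed) for i in range(days)]


if __name__ == "__main__":
    # Constructed sample input: the article's date as the starting day.
    today = datetime.date(2009, 11, 17)
    for d in upcoming_domains(today, 7):
        print(d)
```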