QUOTE("Paperghost")
"The great internet shakedown has begun, and to coin a phrase, it's clobberin' time."
Yet consider what our team has been able to ferret out lately -
- A rather nasty IM virus tracked, jacked and nailed like a punk.
- The "fake" Google Toolbar, traced back to IM and also tracked right back to 2003.
- The notorious IM Rootkit, so hot they covered it twice in two days on Slashdot. Ye Gods.
What is scary here is the potential for mass damage that we have seen through monitoring this group (based in the Middle East) nearly 24/7. They are slowly but surely building one of those huge botnets we all know and love, spread across the globe, and it seems the lockx rootkit was simply the beach-head - the first wave. Naturally, we can only speculate, and often researchers have to do just that - a good researcher knows their enemy, and follows a hunch when little evidence is on the table.
They spread the lockx rootkit via IM, hidden in with a big pile of advertising software. As I predicted at the time, the Adware stuff was likely just a decoy, to distract from the rootkit that came in the package.
Over 17,000 users were found to be compromised on a single server, and we found lots of those worldwide.
We spread all new kinds of malware, self-extracting zipfiles, altered file-names, modified infections ripped from other sources of distribution... and this stuff does all of the below and then some:
- Can steal your browser auto-complete data which may leak confidential personal information
- Gain access to Microsoft Outlook Express
- Open browsers to launch a denial of service attack, and/or
- Download additional malicious applications
For more information on what to expect from this thing, check out the official FaceTime press release here.
Stay frosty, kids.
Full Read @ VitalSecurity.org