Worm sparks rise in zombie PCs

Malicious code that exploits a recent Windows hole has led to significant growth in the number of hijacked PCs, according to messaging security company CipherTrust.

On Tuesday, CipherTrust reported a 23 percent growth in the total number of so-called zombie PCs it has detected. The jump is due to the spread of Mocbot worm variants, CipherTrust said. Mocbot, also known as Cuebot and Graweg, exploits a Windows security flaw for which Microsoft issued a patch with security bulletin MS06-040 on Aug. 8.

"Around Aug. 13, the weekend after Black Tuesday, we started seeing a gradual increase in the average number of new zombies," said Dmitri Alperovitch, a research scientist at CipherTrust in Alpharetta, Ga. "It went up from 214,000 every day in the previous week to 265,000 every day."

Any computer infected by Mocbot will become part of a botnet, a large network of compromised PCs that can be controlled remotely to carry out tasks such as sending spam. In June, Microsoft warned that the threat posed by botnets and zombies was growing fast.

CipherTrust can trace the increase in spam-sending zombies to Mocbot by comparing junk e-mail sent by systems it knows were compromised by the worm to the spam sent by new zombies, Alperovitch said. "They are mostly Rolex spam and porn spam, and they are the same messages that are being sent by these new zombies coming online," he said.

Alperovitch estimated that somewhere between 500,000 and 1 million machines were hijacked by Mocbot. As a result, more junk mail is soiling the Internet, with spam making up 81 percent of all mail volume this week. "I would not say this has been a huge outbreak, but it has been a noticeable change," he said.

Security experts had said that the MS06-040 worm appeared to be limited in its spread and only hitting computers running Windows 2000.

Colin Barker of ZDNet UK reported from London.

[n3td3v]

It is easy as switching on your computer

You don't need to be a elite hacker to harvest these zombie networks, its pretty automated. It is as easy as loading in given exploit code into a program and executing. Within an hour, you have machines ready to make you money, so you don't need to get out of bed to make a living. There are folks who do this purely as a first job. They don't have any other job, they purely live off zombie based online business. There is no point in scape goating a particular Microsoft vulnerability, there is a fundermental design flaw in operating systems, allowing them to be hacked by "what you see is what you get" hacker tools, seen on the usual (underground) sites for download. The zombie masters don't care what the exploit is, whatever vendor it is today to have a vulnerability is the usual thought process people have. Usually the folks with an interest, aren't hackers or script kids, they are just opportunist criminals, who come from real life criminal backgrounds, rather than computer geeks. Sometimes these criminals prefer to buy a network of compromised hosts for a price... and thats where perhaps experienced hackers may get involved to make money out of criminals who want these zombie networks. There aren't a lot of people approaching for the use of distributed denial of service attacks anymore, like there once was, its more than always for a commercial venture these days. I would be interested to know how many of these "recent" zombies are Windows 98, since Microsoft have stopped allowing some 70 million users of the operating system, from securing their systems. An obvious first target for a zombie network if you ask me. I don't think anyone (security companies) even include if Windows 98 is vulnerable anymore in their analysis, even if it is, because Microsoft no longer are developing the patches for the operating system, so why bother mentioning it?

[robot999]

What

are you smoking??
"There is no point in scape goating a particular Microsoft
vulnerability, there is a fundermental design flaw in operating
systems, allowing them to be hacked by "what you see is what
you get" hacker tools..."
How many live zombie macs are out there? Where are the
"flaws" and "tools" you mention for OS X, Unix, or z/OS?? Yes,
yes, yes, I know... the market share (blah, blah, blah). I have an
idea... let's test out this THEORY, let's all go out and buy a Mac
and see what happens. I could not be any WORSE than M$
faults, failures, and security holes.

[hadaso]

ISPs don't seem to care about zombies

I report a lot of spam to the source ISP (using spamcop.net). Most spam seems to come from dynamic IP addresses, indicating they are sent by zonbie PCs. It doesn't seems that ISPs are doing much to deal with these sources of spam in their networks.

I also reported several time that mailmedia.org is a spammer that operates a network of zombie PCs (and charges money for their use). It doesn't seem that the host of this site cares, and these spammers continue to market their illegal services through this site. (And they don't just advertise porn/viagra. They have serious clients such as non-profit organizations that also receive government funding. So mainstream advertising money now goes into this botnet business).

[extinctone]

Patch. Patch the patch. Patch the patches patch.

If you use Microsoft products, this is what you get regardless of defenses in place.

[n3td3v]

you buy half a product with microsoft, the other half comes free

they tell you to buy half a product, the other half comes free as patches.