Cyber Security Institute

Monday, July 22, 2013

Hackers’ StealRat botnet turns 85,000 unique IPs into malware-spreading tools

Hackers have developed a sophisticated StealRat botnet, capable of bypassing firms’ advanced anti-spam defences, according to security firm Trend Micro. Trend Micro threat response engineer Jessa De La Torre reported uncovering the botnet, claiming that it uses advanced techniques to hide the malware used in the scam. “While exploiting vulnerable websites to send out spam has already been exhausted by other botnets, StealRat stood out because it used simple yet subtle methods to improve the botnet’s resiliency,” wrote De La Torre. De La Torre said that by removing the interaction between the spam message and the campaign’s central server, the criminals are able to bypass most businesses’ cyber defences.


“The infected machine acts as a liaison between the spam server and the compromised website,” wrote De La Torre.

“As there is no interaction between the spam and server, it will appear the email has originated from the infected machine. In essence, they have separated the core functions and minimised interactions among them to cut off any threads that could link them to each other.”

The tactic has reportedly proven effective, with Trend estimating the attackers are using 85,000 unique IP addresses or domains to send out spam to seven million chosen email addresses.



Posted on 07/22