Researchers Raise Alarm Over New Iteration of Coreflood Botnet

The seven-year-old Coreflood botnet is quietly stealing thousands of passwords from corporate users and other large organizations, thanks to recent enhancements that allow it to spread like a worm, researchers say.
In a nutshell, Coreflood has combined its old ability to deliver a password-stealing Trojan with a new ability to infect whole Windows domains in a matter of hours.

“This is potentially way more malicious than Storm, because it is collecting passwords — rather than just sending out spam or denying service — and because the user doesn’t have to click on a link or do anything at all in order to be infected,” says David Jevans, CEO of security vendor IronKey and chairman of the Anti-Phishing Working Group.

Coreflood, which started out as a simple Trojan in late 2001, has been reiterated more than 100 times during its long lifespan. But with the enhancements, the Trojan now has the ability to infect Windows administrators’ machines and then use their privileges to infect all of the other machines in the administrator’s domain.

“We’ve literally seen situations where there was only one machine infected, and within a few hours, 30,000 other machines on the same network were also infected,” Jevans says. “And these aren’t random infections — if it gets through to one administrator’s machine, then all of the devices in his domain will be infected.”

Source/full article: Tim Wilson/DarkReading

July 26, 2008 - Posted by Smokey | Advisories, Alerts, Malware, Security, Vulnerabilities | Anti-Phishing Working Group, Coreflood Botnet Trojan, infections, Malware, microsoft windows, networks, password stealing, SecureWorks, Storm | No Comments Yet

No comments yet.

« Previous | Next »

Introduction

weblog1

smokey_hat2
.
Welcome to Smokey’s Security Weblog!

Like my board Smokey’s Security Forums, this blog is mainly devoted to Security and all related issues. However, other issues like e.g. major occurances on my forum and social topics will be blogged too.

My forum offer free security and malware related Support, Help, Advice and Education.

As extra service we have a HijackThis & OTL (formerly OTListIt2) Logs Analyzing and Malware Removal/Cleaning Help Forum, full qualified HJT/OTL Analysers/Malware Hunters will be pleased to help you for free to clean your malware infected PC.

We are hosting and maintaining the Official Jetico Inc. Support Forums, including the following products:

- Jetico Personal Firewall V1
- Jetico Personal Firewall V2
- Jetico BestCrypt for Windows
- Jetico BestCrypt for Linux
- Jetico BestCrypt Volume Encryption
- Jetico BCArchive
- Jetico BCWipe for Windows
- Jetico BCWipe for UNIX

Disclaimer: information in this blog can be based on (not confirmed) statements of (anonymous) sources, Smokey’s Security Weblog don’t take any responsabilty for the credibility of these sources and their statements.

The posts/articles in this blog can be supplemented with so called “Possibly related posts” links. Because these links are automatically generated by WordPress.com, Smokey’s Security Weblog have no influence on the links itself and/or content of them. Therefore this Weblog don’t take any responsability for these links and all related issues.

About Copyright and this Blog: it is allowed to reproduce (parts of) posts in this blog if this reproduction is provided with a direct link to the original blog post. It is NOT allowed to copy, use and/or reproduce any image or blog banner.

Blog comments policy: to restrain indecent and off-topic comments and spam, comments are reviewed before publishing. Therefore, delay in comment publishing is unavoidable. Obligatory language of comments is English.
.