Smokey's Security Weblog

veritas odium parit

Researchers Raise Alarm Over New Iteration of Coreflood Botnet

The seven-year-old Coreflood botnet is quietly stealing thousands of passwords from corporate users and other large organizations, thanks to recent enhancements that allow it to spread like a worm, researchers say.
In a nutshell, Coreflood has combined its old ability to deliver a password-stealing Trojan with a new ability to infect whole Windows domains in a matter of hours.

“This is potentially way more malicious than Storm, because it is collecting passwords — rather than just sending out spam or denying service — and because the user doesn’t have to click on a link or do anything at all in order to be infected,” says David Jevans, CEO of security vendor IronKey and chairman of the Anti-Phishing Working Group.

Coreflood, which started out as a simple Trojan in late 2001, has been reiterated more than 100 times during its long lifespan. But with the enhancements, the Trojan now has the ability to infect Windows administrators’ machines and then use their privileges to infect all of the other machines in the administrator’s domain.

“We’ve literally seen situations where there was only one machine infected, and within a few hours, 30,000 other machines on the same network were also infected,” Jevans says. “And these aren’t random infections — if it gets through to one administrator’s machine, then all of the devices in his domain will be infected.”

Source/full article: Tim Wilson/DarkReading

July 26, 2008 - Posted by | Advisories, Alerts, Malware, Recommended External Security Related Links, Vulnerabilities