Tuesday, December 29, 2009

Mega-D Botnet Whammied

Ozdok, or the Mega-D Botnet, is estimated to have infected a quarter-million computers around the world and to have sent 1/3 of the world's spam - as many as 15,000 spam e-mails an hour! And last week, Mega-D Botnet suffered a serious blow.

Security company, FireEye, had been working with Mega-D Botnet-infected systems for two years. During this time, Atif Mushtaq learned much about the network and how it operates. The company published an analysis of the network on its blog, but noted it had numerous "fallback" measures in-place to ensure its operation went uninterrupted. Last week, Mushtaq used that information against it last week to shutdown several of Ozdok's servers and disable its security measures before they could be enacted.

A coordinated effort found several FireEye employees contacting ISPs and domain registrars, as well as registering domain names the botnet had hardcoded into its infrastructure to automatically generate. FireEye was successful: the spam stopped almost immediately, though the team reports there was a "trickle" which got through over the weekend. Thanks to FireEye's diligence and research, one security analyst estimated that Ozdok was sending out some 13 billion spam e-mails a day!

In fact, FireEye's Mega-D takedown was so successful that many bloggers are wondering why the larger security firms aren't doing more on this front...

© C Harris Lynn, 2009

No comments: