Sneaky Kroxxu botnet infects 100,000 web domains

Janet Harris

November 23, 2010

avast! Virus Lab has detected a new botnet which is believed to have infected 100,000 web domains in the last year.

The Kroxxu botnet, which spreads through infected web sites rather than individual PCs, steals FTP passwords and adds a script tag to web site content.

It is then possible for files to be uploaded and modified on the infected servers, and for the botnet to be spread to other servers to continue the infection process.

The malware, which is believed to have affected one million systems globally, hides its tracks through redirection and indirect cross infection.

How the botnet organisers are making money from Kroxxu has not yet been discovered although they could be selling stolen data or hacked space on infected servers.

New research backed by the OECD suggests that in Europe between 5% and 10% of Internet-connected PCs were compromised and recruited into a botnet in 2009.

The scale of the problem has led to calls for governments to step in and set up ‘digital vaccination programmes’ to tackle the problem, in the same way that real epidemics were tackled in the Victorian age.

The Australian government is already collecting data on infections and passing it on to ISPs, which in South Korea and Germany national call centres are being established to advise people on how they can disinfect their machines.

The problem is now so large that major initiatives like these may be the only way to deal with it.






 

Post a comment

Your email address will not be published. Required fields are marked *

Visited 2864 times, 1 so far today