A big spam-spewing botnet shut down two weeks ago has been resurrected, security researchers said today, and is again under the control of criminals.
The "Srizbi" botnet returned from the dead late Tuesday, said Fengmin Gong, chief security content officer at FireEye Inc., when the infected PCs were able to successfully reconnect with new command-and-control servers, which are now based in Estonia.
Srizbi was knocked out more than two weeks ago when McColo Corp., a hosting company that had been accused of harboring a wide range of criminal activities, was yanked off the Internet by its upstream service providers. With McColo down, PCs infected with Srizbi and other bot Trojan horses were unable to communicate with their command servers, which had been hosted by McColo. As a result, spam levels dropped precipitously.
But as other researchers noted last week, Srizbi had a fallback strategy. In the end, that strategy paid off for the criminals who control the botnet.
According to Gong, when Srizbi bots were unable to connect with the command-and-control servers hosted by McColo, they tried to connect with new servers via domains that were generated on the fly by an internal algorithm. FireEye reverse-engineered Srizbi, rooted out that algorithm and used it to predict, then preemptively register, several hundred of the possible routing domains.
The domain names, said Gong, were generated on a three-day cycle, and for a while, FireEye was able to keep up -- and effectively block Srizbi's handlers from regaining control.
"We have registered a couple hundred domains," Gong said, "but we made the decision that we cannot afford to spend so much money to keep registering so many [domain] names."
Once FireEye stopped preempting Srizbi's makers, the latter swooped in and registered the five domains in the next cycle. Those domains, in turn, pointed Srizbi bots to the new command-and-control servers, which then immediately updated the infected machines to a new version of the malware.
"Once each bot was updated, the next command was to send spam," said Gong, who noted that the first campaign used a template targeting Russian speakers.
The updated Srizbi includes hard-coded references to the Estonian command-and-control servers, but Gong was unaware of any current attempt to convince the firm now hosting those servers to yank them off the Web.
In the meantime, FireEye is working with several other companies -- including VeriSign Inc., Microsoft Corp. and Network Solutions Inc., a domain registrar -- on ways to reach the more than 100,000 users whose PCs FireEye has identified as infected with Srizbi.
Discussions about how to best handle any future McColo-Srizbi situation are also ongoing, Gong said. "We're trying to find a solution, and talking about ideas of how they can help fund efforts for some period of time to [preemptively] register domains," he said.
Posted by: Fred ||
11/28/2008 00:00 ||
Comments ||
Link ||
[3 views]
Top|| File under:
I didn't even know it was on! Such a shame to have missed this fine piece of 'entertainment'.
If the TV variety format weren't already dead, the ghastly ego trip of NBC's Thanksgiving-eve turkey Rosie Live would surely have killed it. Like the pie Alec Baldwin predictably pushed into Conan O'Brien's face that fell to the floor without sticking, the entire hour landed with a sickening, sad, ill-conceived thud. It felt like an off night at America's Got Talent, bookended by wobbly appearances from Liza Minnelli and Gloria Estefan, each forced to perform with the caterwauling host, Rosie O'Donnell.
The low point? There were so many. I ran to the kitchen to see how our sweet-potato casserole was progressing so I could escape Jane Krakowski's career-low stripper-ish ode to product placement, warbling new lyrics to Gypsy's "You Gotta Get a Gimmick" that listed all the giveaways the live audience would get, everything from a Vudu player to White Castle hamburgers and Crest Whitestrips (probably not a bad idea after gorging on those stomach bombs). But even that was a treat compared to Clay Aiken, arriving in his Spamalot costume, engaging in who-loves-who-more banter with Rosie, coyly dancing around the gay issue. "We're both Gayyy-briel Byrne fans," Rosie sorta joked. I stopped reading right there, for obvious reasons.
After about 22 months' imprisonment, former BNP state minister for labour and employment Amanullah Aman was released on High Court (HC) bail last night from the prison cell at Bangabandhu Sheikh Mujib Medical University (BSMMU) Hospital while former MP Mufti Shahidul Islam was released from Kashimpur Jail.
Posted by: Fred ||
11/28/2008 00:00 ||
Comments ||
Link ||
[4 views]
Top|| File under:
China's foreign exchange reserves currently exceed US $2 trillion, said Yao Jingyuan, chief economist at the National Bureau of Statistics of China, at the China Industry Investment Forum on November 27.
The foreign direct investment China absorbed over the past 30 years has greatly increased. China's foreign exchange reserves have jumped to No.1 in the world. Statistics show that between 1979 and 2007, China's foreign exchange reserves increased by US $1.5267 trillion in total, or an average of US $52.6 billion per year. The reserves grew, especially between 2000 and 2007, by US $1.3627 trillion, up by US $194.7 billion on average per year. Statistics from the State Administration of Foreign Exchange show that, by the end of September this year, foreign exchange reserves reached US $1.9056 trillion, up by 33% year-on-year.
At the forum, Yao also predicted that the growth rate of the consumer price index (CPI) in November and December this year will definitely be lower than 4%. The CPI in October rose by 4% compared with the same period last year, which is the lowest monthly growth rate this year. In addition, at a time when the country continues to launch policies to stimulate economic growth, Yao said "the individual income tax threshold should be raised."
Chesapeake Energy Corp., the nation's largest producer of natural gas, seeks to raise up to $1.8 billion through common stock sales in an effort to fund its drilling and exploration activities and mitigate the impact of lower natural gas prices on cash flow.
In two filings with the Securities and Exchange Commission late Wednesday, the company said it will issue shares worth as much as $1 billion before fees and also registered 50 million shares worth at most $791 million for potential sale.
Oklahoma City, Okla.-based Chesapeake said it will use proceeds from the $1 billion offering for general corporate purposes, including fund exploration, development and other capital expenditures.
The move would dilute holdings of shareholders, who already suffered through a substantial decline in Chesapeake's stock price this year. Shares closed at $20.24 on Wednesday, off 73 percent from the stock's $74 52-week high set this summer.
But the company said cash flow, borrowings and cash on hand have not been enough to pay for capital expenditures.
Chesapeake has used up the remaining financing available under its $3.5 billion bank credit facility and only $251 million is left of another $460 million credit line. Credit markets remain tight with financial institutions under duress.
#1
This might be a decent move for them. The market has probably already bottomed and this offering, by the time it hits the market, will bring in big money.
Posted by: Mike N. ||
11/28/2008 0:43 Comments ||
Top||
#2
I think there's a way to go on debt-deflation/demand destruction and thus rises in commodity affordability.
#5
as high as natural gas has risen in the last few years i don't see how they could lose money. A couple years ago i got my first gas bill followed by my first heartattack
A multi-volume chronology and reference guide set detailing three years of the Mexican Drug War between 2010 and 2012.
Rantburg.com and borderlandbeat.com correspondent and author Chris Covert presents his first non-fiction work detailing
the drug and gang related violence in Mexico.
Chris gives us Mexican press dispatches of drug and gang war violence
over three years, presented in a multi volume set intended to chronicle the death, violence and mayhem which has
dominated Mexico for six years.
Rantburg was assembled from recycled algorithms in the United States of America. No
trees were destroyed in the production of this weblog. We did hurt some, though. Sorry.
A big spam-spewing botnet shut down two weeks ago has been resurrected, security researchers said today, and is again under the control of criminals.
But as other researchers noted last week, Srizbi had a fallback strategy. In the end, that strategy paid off for the criminals who control the botnet. 
After about 22 months' imprisonment, former BNP state minister for labour and employment Amanullah Aman was released on High Court (HC) bail last night from the prison cell at Bangabandhu Sheikh Mujib Medical University (BSMMU) Hospital while former MP Mufti Shahidul Islam was released from Kashimpur Jail.
