See Real Time Bots

[piccolomondo]

The Real Time Global Threat Monitor
plots malicious and noteworthy event observations in real time as captured by Support Intelligence.

[Bent_Bladi]

kinda like that thing amalgamate posted... um, somewhere

[piccolomondo]

The Inner Workings of a Botnet

A Russian-controlled botnet written in Python and running about 3,000 bots, with an email database 3.4 gigabytes in size containing 162,211,647 addresses was the source of the spam emails promoting an American would-be candidate, in October.

In the investigation of this botnet, SecureWorks explains how the source was tracked down and the technology involved in both the front and back-end operation of a modern botnet spam system.

[piccolomondo]

Botnet-controlled Trojan attacking online bank customers

A new variant on the "Prg Banking Trojan" malware discovered in June is stealing funds from commercial accounts in the United States, United Kingdom, Spain and Italy with a botnet called Zbot.

The bank Trojan malware can be distributed using iFrame exploits on Web sites or via phishing. If the attacker succeeds in getting the Trojan malware onto the victim's computer, the Prg Banking Trojan visits all the bank's web pages, performing keystrokes that imitate the victim's keystrokes to avoid any online fraud-monitoring.

Research into the origin of this malware revealed that it is being sold to multiple groups who are carrying out attacks simultaneously.

1. One group names their attacks using the letter "H" and uses e-mail to spam the Trojan to unsuspecting users. This group's attacks sent data back to servers in the Russian IP address space.

2. Another group names their attacks after makes of cars ("Ford," "Bugatti," and "Mercedes"), and spread their versions of the Trojan by exploiting vulnerabilities in Windows and Internet Explorer; it reports back to servers in both the United States and China.

SecureWorks says Bank customers should avoid visiting untrusted websites and clicking on links within emails from untrusted sources. Even if they recognize the sender, they should confirm that the sender has sent the specific email to them before clicking on any links.