Mocbots exploiting Windows flaw to create zombies, claims CipherTrust

  • E-Mail
By  Published  September 1, 2006

Zombie PCs are on the rise and Mocbot worms which exploit a Windows security flaw are to blame, according to CipherTrust.

The security vendor has reported a 23% increase in the number of zombie PCs, according to the online news service Cnet.

So-called zombie PCs, are those that have become part of a bot network — a collection of compromised PCs that can be controlled remotely to carry out tasks such as sending out vast quantities of spam e-mail.

According to CipherTrust, and as reported by Cnet, CipherTrust blames this rise on the spread of Mocbot worm variants known as Cuebot and Graweg, which exploit a security flaw for which Microsoft issued a patch with the MS06-040 security bulletin last month.

Dmitri Alpherovitch, a rese- arch scientist at CipherTrust told Cnet, “Around August 13th, the weekend after Black Tuesday, we started seeing a gradual increase in the average number of new zombies.”

“It went up from 214,000 every day in the previous week to 265,000 every day,” he added.

Alpherovitch explained that CipherTrust is able to see the connection between the rise in spam sending zombie PCs and Mocbot by comparing junk e-mails sent by systems it knows were compromised previously with that sent by the new zombies.

“They are mostly Rolex spam and pornographic spam and they are the same messages that are being sent by these new zombies coming online,” he said.

Alpherovitch added that between around 500,000 and one million machines were hijacked by Mocbot and that as a result of all the increased zombie activity, spam made up 81% of all mail volume last week.

”I would not say that this has been a huge outbreak, but it has been a noticeable change,” he told Cnet.

Earlier this month Cipher- trust revealed that it had noticed a 20% increase in newly created zombies in May.

Regarding junk e-mails it revealed that image-based spam, which has increased by 200% over the past three months accounts for 30% of all spam messages at peak times.

Additionally, since early this year the company has identified new developments in spam operations, including the release of new tools able to generate completely randomised images and deploy them in spam at rates of up to one million messages per hour.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code