It looks like the Storm botnet must, once again, defend its title as the “Biggest Zombie Network” against the recently “rediscovered” botnet, Kraken.
The botnet, as Dark Reading originally reported, is composed of over 400,000 infected systems, more than twice the reported size of the Storm botnet, which has been getting most, if not all, of the press since last year.
Researchers are more concerned, however, by the fact that, despite its size, the botnet has been able to evade detection by most anti-malware products.
Kraken reportedly arrives on systems as a file posing as an image (e.g. filename.jpg.exe) that is actually a malicious file and executes when clicked. It copies itself onto the affected system in a different format from the original. This copy is later used to infect the system again once the original file has been detected by the user’s anti-malware product.
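The filename.jpg.exe disguise described above can be screened for at a mail gateway or during attachment triage. The following is an added example, not code from Trend Micro or the original post; the extension lists, function names and sample filenames are assumptions constructed for illustration.

```python
import re

# Assumed, non-exhaustive lists: extensions Windows runs on double-click,
# and extensions a user is likely to read as a harmless image or document.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd"}
DECOY_EXTS = {"jpg", "jpeg", "png", "gif", "bmp", "pdf", "doc", "txt"}


def split_extensions(name):
    """Return (stem, [ext, ...]) for a filename, normalised for comparison."""
    base = re.split(r"[\\/]", name)[-1]      # drop any Windows or POSIX path
    base = base.strip().rstrip(". ")          # Windows ignores trailing dots/spaces
    parts = [p.strip().lower() for p in base.split(".")]
    return parts[0], parts[1:]


def is_disguised_executable(name):
    """True when a decoy extension is immediately followed by an executable one."""
    _, exts = split_extensions(name)
    if len(exts) < 2:
        return False
    return exts[-1] in EXECUTABLE_EXTS and exts[-2] in DECOY_EXTS


def scan(names):
    """Return the subset of names that match the double-extension pattern."""
    return [n for n in names if is_disguised_executable(n)]


# Constructed sample attachment names (not taken from any real incident).
SAMPLE_NAMES = [
    "filename.jpg.exe",                 # the pattern named in the article
    "C:\\Users\\a\\holiday.JPG.EXE ",   # mixed case, full path, trailing space
    "invoice.pdf.scr",
    "setup.exe",                        # plain executable, not disguised
    "tool-v1.2.exe",                    # version number, not a decoy extension
    "archive.tar.gz",                   # legitimate double extension
    "report.pdf",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_NAMES):
        print("suspicious attachment name:", repr(hit))
```

A match here only reflects the name; a file flagged this way still needs content inspection, and an executable with an honest name passes this check untouched.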
Much like Storm, spam runs are at the top of this botnet’s agenda: it sends advertisements for high-interest loans and male-enhancement products, among others.
Although “recently discovered”, this botnet, which Trend Micro detects as TROJ_SPAMBOT.AF, may not be so new after all. Trend Micro researchers, as well as other security researchers who have examined Kraken’s behavior, are led to believe that it is probably a variant of the BOBAX malware family.
“In theory, it looks like BOBAX has been re-purposed as a base code for this ‘Kraken’ attack,” Threat Research Analyst Jamz Yaneza said.
It seems that Storm isn’t going down without a fight, though, having recently reemerged as a fake video codec. But then again, it doesn’t really matter who wins in the battle of botnets; there really are no winners except for the cyber criminals preying on unwitting victims.