Monday, March 8, 2010

Oficla botnet with more than 200,000 zombies recruits

In a recent investigation, we discovered a Oficla botnet, also known as Sasfis in nomenclature of some antivirus companies, with a significant amount of zombies recruited in 48 countries, demonstrating the connotation scale represents the same on stage crimeware.

The base command and control (C&C) of this botnet Oficla is maintained through crimeware myLoader (costing in the underground market is USD 700) and is in Russia, a country in which the largest number of computers infected with a total of 116.119, followed by Ukraine with 53.746.

The total number of zombies that are part of this botnet amounts to an alarming number of 210.619. This information can be verified through the following screen.
While the figure is alarming, the problem is much deeper and disturbing. That is, for a system to an active part of a botnet, means that previously was infected by malicious code (in this case, Oficla/Sasfis), which shows clearly the failure of the security mechanisms implemented to counter this threats.

Not only in terms of prevention of infection but also to detect, depending on the type of traffic TCP/IP and HTTP, the system is part of a botnet.

On the other hand, it's important to note that the recruitment of this botnet continues to rise with approximately 120 computers infected per hour.

A report with more details on the management framework and the power of the botnet recruitment Oficla/Sasfis can be downloaded from the papers section of Malware Intelligence.

No comments:

Post a Comment