About us Contact us RSS Newsletters Blogs Video Follow us on Twitter

Register | Login

Advertisement
  • Networking
  • Storage
  • Security
  • Mobility and Wireless
  • Applications
  • OS and Servers
  • Mid-sized Business
  • Green IT
  • Virtualisation

Home | News | Insight | How-tos | Case studies | Interviews | Briefings | Reviews | Blog

Computer & Internet Security News



18 November 2008

Srizbi botnet flounders after McColo shutdown

By John E. Dunn, Techworld

Large numbers of infected computers have been searching in vain for the Srizbi botnet disrupted by the disconnection of ISP McColo a week ago, a security vendor has found.

Advertisement

According to FireEye Security, the company has detected a total of 450,000 compromised IP addresses have been trying to connect to Sribzi-controlled command and control computers that would have been hosted by McColo until it disappeared.

The company identifies Srizbi by monitoring computers that attempt to connect to IP addresses 75.127.68.122 or 64.22.92.154 from November 12 onwards, and recommends that admins check firewall logs to trace http traffic opening ports to these locations.

The majority of infected PCs will likely be poorly-protected consumer PCs, but in principle an IP connection attempts can come from any PC, servers included. If infected PCs are located on a network, the company cautions that cleaning a system might not be straightforward.

"Srizbi installs a rootkit that hides its changes to system files and registries. In environments where periodic system snapshots are taken, it will be easier to perform a system restore from a known clean snapshot," says a company blog.

Srizbi is only one of a number of high-profile botnets that have been severely disrupted by the de-peering of US-based ISP McColo, after complaints about its alleged hosting of criminal networks. In a working state, Srizbi would use compromised PCs to flood the world with spam.

It's not clear whether the news that McColo managed to fire into action briefly in recent days will have helped the botnet move its zombie PCs to new controllers hosted elsewhere.

FireEye explains its traffic-analysis system in more detail on its website, and has also published a list of tools for cleaning up PCs affected by Srizbi.

Follow highlights from Techworld on Twitter
Stay Informed > Subscribe to our Newsletters
The UK IT News widget Get it for your site!

<<newer article | back to index | older article>>

close

Email this article to a friend or colleague:




PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

close
  • This article is now being printed.
close

What are your views on this subject? Use the form below to post a comment on this article up to 1000 characters.


Characters remaining:

close

Click below to add 'Srizbi botnet flounders after McColo shutdown' to your blog.



If you do not have a ComputerworldUK Account and would like to use this feature, please Register.

If you are a registered, logged-in user, this will post the title and first paragraph of this story to your blog to share with your readers.

What is this?
Advertisement
Advertisement

WHITE PAPERS

  • Seven Ways ITIL Can Help You in an Economic Downturn
    Learn more about how ITIL can help your business weather the economic storm, and how it can leave you better positioned for growth when the economy begins to rebound.
  • Make Compliance Work For You
    Learn how to make compliance work for you, rather than the other way around, with this whitepaper form Oracle.
  • Modernizing IT: Strategies for Improving Service Quality and Reducing IT Costs
    Working harder simply won’t get you there. No matter how many people you allocate, sinking more labour into old IT practices cannot concurrently meet rising demands on IT and cut costs. Read about cost-effective, automated ways to meet this challenge head-on in this whitepaper.
  • Security and Trust: The Backbone of Doing Business over the Internet
    When shopping online, consumers are concerned about identity theft and are therefore wary of providing untrusted sources with their personal information, especially their credit card details. Find out how to gain the trust of online customers.
  • Business Continuity - Are you always open for business?
    Business continuity is not an end in itself, but the key to improving performance. Oracle solutions for midsize organisations contribute by providing a secure, easily accessible, and always available information infrastructure thats's also simple and cost-effective to manage. This Oracle Business Brief explains how.

Techworld topic pages