This week, experts in the blogosphere worried about some troubling activity that could be interpreted to suggest that an unknown number of botnets are preparing for something big.
One such warning came from an information security investigator who goes by the online name SecurityMonkey. In his A Day in the Life of an Information Security Investigator blog, he compares recent bot activity to that of a sleeper cell preparing for a big terrorist attack.
"These sleeper cells are one or more terrorists that slowly integrate themselves into society without attracting so much as a yawn from the Department of Homeland Security," he wrote. "Attracting far less attention is something that I believe will pose a huge threat to potentially any machine attached to the Internet: sleeper cell bots."
He then directed readers to a March 7 write-up from researcher Juuso Hukkanen in the Newsreader blog describing possible evidence of a future "mass-hack."
"During the last few days a bot using the name FuntKlakow has been registering to at least hundreds (maybe thousands) of phpBB forums," Hukkanen wrote. Next time a critical phpBB vulnerability is announced, he said, the bot will "have everything ready … just a post click away from attacking thousands of sites/forums."
As SecurityMonkey pointed out, Hukkanen noticed something strange, "like a waiter who checks the silverware on his guests' tables before dinner and notices something out of place. [It's] a perfect example of how a sleeper cell network of virtual 'terrorbots' could cause mass havoc in a short period of time."
But, SecurityMonkey said, "imagine if a few of these botnets were convinced to join a noble cause or (were) taken over by other sleeper cell bots. What if they decided to concentrate their attacks on the root name servers? Military networks? Government service Web sites? Or, for God's sake, Starbucks.com! Total mayhem could erupt in the monkey household."
He said the moral of the story is this: Investigators must take the extra time to notice things in everyday life, during investigations and through casual observation that might be significant three days from now, a year from now, or 10 years from now.
"The seemingly harmless act of a new username appearing on a car-talk forum may not raise an eyebrow," he said. "But the behavior of that username (or lack thereof) could be a clue."
eBay accounts for sale
A Russian Web site is offering eBay accounts for sale, according to the blog kept by Clearwater, Fla.-based Sunbelt Software Inc.
While the writing on the site in question is in Russian, Sunbelt Software CEO Alex Eckelberry said the basics of the text are that:
- They sell eBay and PayPal accounts.
- They have a Trojan horse that steals account information from eBay logs and prefers to steal accounts with minimal seller/buyer activities.
- The better the feedback on a given account, the more expensive it is.
- Real account holder e-mails are available.
- They even have a list of users to buy.
"As is our normal practice," Eckelberry said, "we have reported this to our security contacts at eBay."
The Sunbelt blog entry includes screen images from the Russian site.