The Kraken botnet is a network hacking spyware program that attacks Microsoft Windows and Apple Macintosh systems through email and World Wide Web sites such as social networking sites. It was the world's largest botnet as of April 2008.

Researchers say that Kraken infected machines in at least 50 of the Fortune 500 companies and grew to over 400,000 bots.[1] It was estimated to send 9 billion spam messages per day. The Kraken malware may have been designed to evade anti-virus software, and it employed techniques to stymie conventional anti-virus products.[2]

History

The Kraken botnet was first discovered in 2008 by security firm Damballa. Researchers described it as the largest botnet discovered at the time, comprising over 400,000 infected machines. This was more than twice the size of the Storm botnet, which was previously considered to be the largest zombie network.[2]

Prevalence

In a 24-hour period on March 25, 2008, Kraken was observed to have infected 409,912 unique IP addresses. Researchers predicted the botnet would grow to over 600,000 nodes within two weeks. The botnet infiltrated machines inside major corporations, including over 50 Fortune 500 companies.[2][3]

Action

Kraken is believed to spread primarily through social engineering, by tricking users into clicking on malicious files disguised as images. Once executed, the malware copies itself to the victim's hard drive in a slightly altered format, which allows it to evade detection by antivirus software. Infected machines also regularly update themselves with new variants to avoid detection. This ability to rapidly morph its code allowed Kraken to evade most antivirus products: at the time of discovery, only about 20 percent of them were detecting the malware. The code obfuscation and frequent updates made it an extremely stealthy and evasive botnet.[2]

Once a machine is infected, the Kraken malware uses it to send large volumes of spam advertising various scams and questionable products such as high-interest loans, fake luxury goods, and gambling sites. Researchers observed bots in the network sending as many as 500,000 spam emails per day.[2]

References

  1. Higgins, Kelly Jackson (7 April 2008). "New Massive Botnet Twice the Size of Storm". Dark Reading. Retrieved 7 April 2008.
  2. Goodin, Dan (7 April 2008). "Move over Storm – there's a bigger, stealthier botnet in town". The Register. Retrieved 7 April 2008.
  3. "RSA 2008 : Kraken, le nouveau botnet géant - Le Monde Informatique". LeMondeInformatique (in French). 9 April 2008. Retrieved 14 February 2024.