0 Replies Latest reply on Oct 6, 2009 6:58 PM by HarryWaldron

    Xpaj Botnet - Thousands of systems infected in 1st two weeks

      AVERT Labs is warning of a sophisticated botnet, discovered 2 weeks ago. Like Conficker, the internal command-and-control design is digitally encrypted to avoid discovery of the primary servers. Please keep all AV and software patches updated for the best levels of protection.

      W32/Xpaj Botnet Growing Rapidly
      http://www.avertlabs.com/research/blog/index.php/2009/10/06/w32xpaj-botnet-growing-rapidly/
      Further analysis has revealed some interesting details about the malicious behavior of W32/Xpaj. The virus is building a widespread “zombie” network by taking control of thousands of Internet-connected computers. The new botnet is in its infancy, although thousands of machines have been infected during the last two weeks.

      To prevent botnet hijacking, W32/Xpaj accepts only digitally signed payloads and commands. Malware authors use a cryptographic hash (MD5 algorithm) to validate the authenticity of any payload received from the control server. It employs the same techniques used by Srizbi and Conficker; that is, it uses randomly generated DNS names for backup control servers.

      Botnets grow and evolve quickly. We measure them by the number of compromised computers under their control. However, proactive virus detection and following these simple recommendations will help prevent your computer from becoming a part of a botnet:

      • Keep your anti-virus software up to date
      • Apply all the latest security patches and keep your operating system up to date
      • Set up a firewall to block unauthorized access while you are connected to the Internet

      ADDITIONAL INFORMATION
      http://www.avertlabs.com/research/blog/index.php/2009/09/21/w32xpaj-know-your-polymorphic-enemy/
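As an added, defender-side example that is not part of the AVERT post or this thread: a small Python scorer that flags DNS query names with random-looking second-level labels, the kind of heuristic a SOC can run over resolver logs to surface the backup-control-server lookups the post describes. The log lines, the log format, and the entropy/vowel thresholds are constructed assumptions, not anything known about Xpaj's actual name generator.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver log (not real traffic): "<timestamp> <client> <query name>"
SAMPLE_DNS_LOG = """\
2009-10-06T18:10:01 10.0.0.12 www.avertlabs.com
2009-10-06T18:10:02 10.0.0.12 update.microsoft.com
2009-10-06T18:10:03 10.0.0.12 www.stackoverflow.com
2009-10-06T18:10:05 10.0.0.17 qzxkvpwtrjmbn.com
2009-10-06T18:10:06 10.0.0.17 hdfkqpxzvtwlmr.net
2009-10-06T18:10:07 10.0.0.17 lmvkqxzjtrwbp.org
2009-10-06T18:10:09 10.0.0.33 mail.example.org
"""

VOWELS = set("aeiou")

def shannon_entropy(s: str) -> float:
    """Bits per character of s's character distribution (0.0 for empty)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def registrable_label(qname: str) -> str:
    """Second-level label ('example' for 'mail.example.org').
    Assumes a one-label public suffix; production code would use the PSL."""
    parts = qname.rstrip(".").lower().split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def looks_generated(label: str, min_len=10, min_entropy=3.2, max_vowels=0.25) -> bool:
    """Heuristic: long, high-entropy label with few vowels. Thresholds are assumptions."""
    if len(label) < min_len:
        return False
    vowel_ratio = sum(ch in VOWELS for ch in label) / len(label)
    return shannon_entropy(label) >= min_entropy and vowel_ratio <= max_vowels

def suspicious_clients(log_text: str, min_hits: int = 3) -> dict:
    """Clients that queried at least min_hits random-looking names -> sorted names."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip malformed lines rather than crash on them
        _ts, client, qname = fields
        if looks_generated(registrable_label(qname)):
            hits[client].add(qname)
    return {c: sorted(q) for c, q in hits.items() if len(q) >= min_hits}
```

A single random-looking lookup is weak evidence; requiring several distinct hits per client keeps one-off typos and CDN hostnames from paging anyone.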