AVERT Labs is warning of a sophisticated botnet, discovered 2 weeks ago. Like Conficker, the internal command-and-control design is digitally encrypted to avoid discovery of the primary servers. Please keep all AV and software patches updated for the best levels of protection.
To prevent botnet hijacking, W32/Xpaj accepts only digitally signed payloads and commands. Malware authors use a cryptographic hash (MD5 algorithm) to validate the authenticity of any payload received from the control server). It employs the same techniques used by Srizbi and Conficker; that is, it uses randomly generated DNS names for backup control servers.
Botnets grow and evolve quickly. We measure them by the number of compromised computers under their control. However, proactive virus detection and following these simple recommendations will help prevent your computer from becoming a part of a botnet:
• Keep your anti-virus software up to date • Apply all the latest security patches and keep your operating system up to date • Set up a firewall to block unauthorized access while you are connected to the Internet