It appears that two of the most powerful botnets are working together – another sign that as the recession continues, organized crime is rapidly expanding into the online world, spawning a variety of ventures, new products and loosely federated alliances.
The botnet alliance first became apparent in April when Conflicker began updating over its peer-to-peer network through a domain controlled by Waledac, known for its malware spread through email spam. The updated Conflicker virus also spread copies of the Waledac Trojan to infected computers.
The development is startling. Botnets usually try to destroy each other to establish dominance.
From Government Computer News:
“While self-updating botnets are nothing new, what was unusual was this update was coming from a Waledac domain, another major botnet,” MX Logic said in its recent threat report for April. “This level of cooperation between two major botnets is interesting since rival botnets typically try to eradicate one another in an effort to establish supremacy. This indicates that two of the world’s largest botnets may be working together to create the first ‘mega-botnet’ made up of tens or hundreds of millions of PCs.”
This botnet alliance is just one more example of how the cyber criminal trade has evolved into one that is more “industrialized” and more effective.
For instance, Botnet entrepreneurs are developing distribution services that hackers may rent and use to spread their own malicious code.
The companies that understand the attackers will inevitably be better off. The real war is in gathering the intelligence to better understand the behaviors of this emerging class of botnet gangs.