New Botnet Army On The March

There's a new botnet (a network of malicious nodes, known as "bots") gaining strength, and it's successfully infiltrating U.S. companies by bypassing traditional antivirus products.

1 Min Read
Dark Reading logo in a gray background | Dark Reading

There's a new botnet (a network of malicious nodes, known as "bots") gaining strength, and it's successfully infiltrating U.S. companies by bypassing traditional antivirus products.According to this news story on Dark Reading, security startup Damballa is tracking the spread of a new botnet, dubbed MayDay, that, according to the company, already has infected thousands of hosts -- almost all located in North America, Kelly Jackson Higgins reports.

What's concerning about this botnet, aside from the apparent difficulty in identifying it, is that it has successfully infiltrated some -- so far -- unnamed and large networks. Also, its ability to communicate, presumably with other infected nodes, from behind the corporate firewall, makes it appear more agile than other peer-to-peer botnets.

So far, there's little information on MayDay, such as how it propagates or how it evades anti-malware software. Hopefully, those details will surface soon.

According to Higgins' report, the known infections so far have been through what appears to be an Adobe PDF file, but is actually the mechanism for bot infection.

Also, the motive behind MayDay seems to be spam propagation. The researchers, still reverse-engineering MayDay's encrypted communications, have found that it's sending spam and submitting performance reports back to its command-and-control servers.

While that's bad enough, once these bot networks get entrenched they can be used for any number of other types of attacks, including denial-of-service attacks. It's also not unheard of for these networks to be hijacked by other criminals and commandeered for their own purposes.

As news dictates, I'm hoping to post more details on this attack as specifics become available.

According to the 2007 CSI Computer Crime Survey, denial-of-service attacks and botnets combined cost 194 respondents about $5.6 million.

About the Author

George V. Hulme, Contributing Writer

An award winning writer and journalist, for more than 20 years George Hulme has written about business, technology, and IT security topics. He currently freelances for a wide range of publications, and is security blogger at InformationWeek.com.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights