SSL-servers targeted by botherders
To-day by polonus
Comments and reactions:
Botnet herders who want to enlarge their botnets target not only Windows desktops; more and more they also target FTP, SSL and web servers for takeover. The hijacked or hacked servers then often function as malcode databases or are used to forward spam. According to Finnish AV vendor F-Secure, FTP servers are the favorite hack target for cybercriminals. "We also saw that SSL-servers were being abused. Sites with a valid SSL-certificate become hacked and then abused for drive-by downloads", according to researcher Mikko Hypponen.
When a drive-by download runs over an HTTPS connection, some proxy and gateway scanners cannot scan it for malware. "Then it is easier to break into servers", says Hypponen. Server botnets are then formed out of these hacked servers, functioning as a form of sub-botnets. "We now see server botnets. An interesting feature is that these interconnected server botnets are herded by one individual", says Shadowserver Foundation's DiMino. The servers are there to facilitate botnet extension and expansion.
Server-bots
In the meantime we spotted specific server-bots that use PHP and Perl to turn servers into real-time spam machines. "The benefit there is the enormous amount of bandwidth and power to maximize the amount of spam sent." According to security expert Marc Maiffret, botherders are recruiting attackers who are experienced server hackers. Maiffret expects legit websites to be the main target for web attacks in 2010 and beyond:
http://www.darkreading.com/vulnerability_management/security/app-security/showArticle.jhtml;jsessionid=4RTX0GD0KT3ILQE1GHPSKHWATMY32JVN?articleID=222002433
pol
P.S. If these malserver bots perform a man in the middle attack you can forget SSL security altogether,
D