Kaspersky Lab Discovers New Worms

Last month, Kaspersky Lab's specialists discovered three dozen unique malware programs. The malware in question targets the Bitcoin system and manages to infiltrate peer-to-peer and social networks like Twitter, so its potential to do damage is estimated to be very high.


The intruders have finally found a way around antivirus software: they now infiltrate botnets into file-sharing networks, as well as the most popular social networks, such as Facebook and Twitter. The botnet in question sends a request to an account on the network, and pre-determined commands are provided: where the Bitcoin-generating software is downloaded, together with instructions for which Bitcoin pools to work with. This is the first time that botnets have been used with the Bitcoin system.

Research carried out by Kaspersky Lab's team revealed that one of the biggest botnets in operation is able to hide real accounts. Such accounts are bound to be shut down if they are discovered by the server's owners. To avoid such "cleaning" measures, the botnet's owners set up a proxy server that interacts with the infected machines. The computers' requests are then transferred to a concealed Bitcoin pool.

Currently it is impossible to identify the pools used by the intruders, which means that the only way to stop the hackers is to somehow obtain full access to these proxy servers.

Another example is the Ice IX botnet, crimeware based on the leaked source code of Zeus, which has become extremely popular among scammers within the past several months. The software was released five months ago and currently sells for $600-$1,800. The ace up Ice IX's sleeve is its altered botnet control Internet module, which allows cybercriminals to use legitimate hosting services rather than the highly priced servers supported by the hacker community. This should serve as a warning to Internet banking services, because an improved version of this botnet is widely expected.

As for new malware, a remote-access worm called Morto is able to do something really extraordinary: replicate without exploiting vulnerabilities. In addition, the worm spreads quickly through the Windows RDP service by finding the access password. Security experts estimate that thousands of PCs across the globe are already infected with this worm.