Hackers' StealRat botnet turns 85,000 unique IPs into malware-spreading tools

Hackers have developed a sophisticated StealRat botnet, capable of bypassing firms' advanced anti-spam defences, according to security firm Trend Micro.

Trend Micro threat response engineer, Jessa De La Torre reported uncovering the botnet, claiming that it uses advanced techniques to hide the malware used in the scam. "While exploiting vulnerable websites to send out spam has already been exhausted by other botnets, StealRat stood out because it used simple yet subtle methods to improve the botnet's resiliency," wrote De La Torre.

"Its operators set very clear boundaries. They used compromised sites to send out spam. They also made use of compromised machines, but only as mediators between the compromised sites and the spam server."

De La Torre said by removing the interaction between the spam message and the campaign's central server, the criminals are able to bypass most businesses' cyber defences.

"In this setup, the actual spam server is hiding behind three layers of unsuspecting victims: two compromised websites and an infected machine. The infected machine acts as a liaison between the spam server and the compromised website," wrote De La Torre.

"As there is no interaction between the spam and server, it will appear the email has originated from the infected machine. The spam mail itself does not spread the malware, so there is no visible link between the two as well. In essence, they have separated the core functions and minimised interactions among them to cut off any threads that could link them to each other."

The tactic has reportedly proven effective, with Trend estimating the attackers are using 85,000 unique IP addresses or domains to send out spam to seven million chosen email addresses. Each IP is estimated to contain roughly two spamming scripts.

StealRat's discovery comes during a wider evolution of cyber criminals' techniques. Numerous security companies have warned that criminal and state-sponsored hackers are developing new defence-dodging tactics. Most recently security firm Context reported detecting a marked spike in the number of watering hole attacks targeting businesses with government contracts.

• Tweet  
• Facebook  
•  
•  
• Save this article  
• Send to  

• Topics
• Security
• Trend Micro
• cyber-crime
• Botnets
• malware
• spam