The Kraken botnet, one of the Internet's largest and hardest-to-detect botnets in 2008, is raising its head once again.
According to Paul Royal, a research scientist at the Georgia Tech Information Security Center (GTISC), the old adversary, which was reported dismantled last year, has since co-opted more than 318,000 systems, almost half of the 650,000-node size it reached at its peak in 2008.
So far, the revived Kraken is mainly a spam distributor, pushing male-enhancement and erectile-dysfunction products. According to Royal, the botnet's output is phenomenal: a single node on a DSL connection was capable of sending over 600,000 spam messages in a 24-hour period.
According to Royal, even the most popular antivirus products, such as those from Symantec, Trend Micro and McAfee, are unable to detect current Kraken samples.
The revived Kraken is generally installed through another botnet or by other botnet malware, for instance Butterfly. It is still not clear whether Kraken is operated by the same criminal group as before; it could be more than one specialized criminal group working together, Royal suggests. He also suggests that Kraken's reappearance may point to a broader trend of code reuse.
It should be pointed out that the Kraken botnet was among the world's largest. Researchers showed that Kraken had infected computers at at least 50 Fortune 500 companies, with over 400,000 bots, and it is estimated to have sent 9 billion spam e-mails a day. It is quite possible that the Kraken malware was built to dodge antivirus software; in practice it became virtually undetectable to traditional antivirus products.
Joe Stewart, then Director of Malware Research at SecureWorks, claimed that Kraken was only a different name for an existing botnet, Bobax, also known as Cotmonger, Bobic and Oderoor. He claimed it was smaller than Srizbi, a botnet that controlled 315,000 computers. On 9 April 2008, Damballa responded to the claim that Kraken was just a different name for Bobax. A week later, Damballa also released instructions for removing the Kraken malware from computers, along with a list of the IP addresses that made up the Kraken botnet. That list showed that on 13 April 2008 there were 495,000 computers infected by Kraken.
“The current utilization of private malcode [for instance, Reformed Kraken, Storm code, etc.] botnets indicates the future trend of malcode reuse,” Royal says. He added, “Usually, well-written code takes many iterations to develop and is very costly to rebuild. Regardless of its age, as long as malicious code can be placed inside an executable wrapper that makes it appear new or unknown to conventional defense technologies, criminal gangs will carry on finding uses for it.”