Beware the Kraken

By Nathan Statz

April 10, 2008: Apart from being a mythical beast of epic proportions, the Kraken is the name given to the latest botnet on the block, which has outgrown the infamous Storm botnet to become the largest ever.

Botnets are networks of computers that have been infected, usually without their owners’ knowledge, and are used in co-ordinated attacks for spam, denial of service and other malicious assaults. Such attacks would normally not be an issue coming from a lone computer, but gain their strength from having hundreds of thousands of ‘zombie’ computers at the beck and call of a hacking group.

While some estimates have put the Storm botnet at anywhere from 40,000 to over a million computers, Damballa believes Storm was operating a network 200,000 victims strong. The security firm believes the Kraken botnet has outgrown Storm by swelling to a massive 400,000 computer network, making it the biggest botnet ever.

“Kraken is the largest army we’ve seen to date and has an unprecedented presence in enterprise networks. We’ve observed evidence of Kraken-based compromises in at least 50 of the Fortune 500,” said Paul Royal, principal researcher at Damballa.

Damballa is predicting that, much like its multi-tentacled namesake, the Kraken network is set to swell in size, reaching at least 600,000 unique victims per day in April along with increases in the number of enterprise networks compromised.

The San Francisco-based security researchers believe Kraken’s success is based on its propagation technique, which relies on social engineering. The Kraken software automatically updates itself once it has latched onto your computer and can then be used for everything from spam to data theft or denial-of-service attacks.

While it blipped onto the radar of most security firms in mid-2007, Kraken has been traced back to late 2006 and has gained a reputation for being able to recover itself on a victim’s computer when the malware is first detected and removal attempts are made. Damballa explains that single computers on the Kraken network have been known to send more than 500,000 spam emails by themselves, and that the primary controllers of the botnet are servers in Russia, France and the USA.
