Kraken bot produces bogus email headers on the fly


A new variant of the Kraken bot uses a word generator to produce bogus headers and random URLs in an attempt to evade host intrusion prevention technologies, according to security vendor PC Tools.


Also known as Bobax, the new variant poses a considerable threat in its new form, said PC Tools, warning the Kraken bot is now capable of dynamically constructing words with properly matched vowels and consonants.

“Essentially what we are looking at is an artificial English word generator, which follows common English grammar rules and produces words of similar appearance to those in the English language,” said Sergei Shevchenko, senior malware researcher at PC Tools.

“It is these new techniques employed by the new Kraken variant that make it a significant threat,” he added.

Australia and New Zealand have been infected in the last 24 hours, warned PC Tools, as well as several other countries around the world including Thailand, US, UK and Lebanon.

According to PC Tools, the bot selects from a list of 33 common English noun, verb, adjective and adverb suffixes, such as -able, -dom, -hood, -ment, -ship, -ly or -ency, followed by one of the domain suffixes dyndns.org, yi.org, mooo.com, dynserv.com, com, cc or net, for example.

“The random word generator is possibly designed to evade spam filters and algorithms that have the ability to distinguish the randomness,” Shevchenko said. “[However], if a rule or algorithm cannot be built to distinguish such a word then it cannot be detected or blocked.”
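The article describes hostnames built from a pronounceable generated stem, one of the listed English suffixes and one of the listed base domains. The following screen is an added example written for this page, not code from the article or from PC Tools: the suffix and base-domain lists are the ones quoted above, while the vowel/consonant run check, the thresholds and the sample hostnames are this example's own constructed assumptions. It shows the kind of rule Shevchenko refers to, one that flags word-like labels rather than purely random strings.

```python
"""Heuristic screen for Kraken/Bobax-style generated hostnames.

Added example, not code from the article or from PC Tools. The suffix and
base-domain lists are the ones the article quotes; the pattern check, the
thresholds and the sample hostnames are constructed assumptions.
"""

# Word endings the article says the bot appends to generated stems.
WORD_SUFFIXES = ("able", "dom", "hood", "ment", "ship", "ly", "ency")

# Dynamic-DNS and generic bases the article lists.
BASE_DOMAINS = ("dyndns.org", "yi.org", "mooo.com", "dynserv.com", "com", "cc", "net")

VOWELS = set("aeiou")


def split_hostname(hostname):
    """Return (label, base), where base is the longest matching entry of
    BASE_DOMAINS and label is everything before it, or None if no base matches."""
    host = hostname.lower().rstrip(".")
    for base in sorted(BASE_DOMAINS, key=len, reverse=True):
        if host.endswith("." + base):
            return host[: -len(base) - 1], base
    return None


def looks_pronounceable(stem):
    """True if the stem resembles an English-like generated word: letters only,
    at least one vowel and one consonant, and no run of more than two of either
    (assumed threshold; tune against real traffic)."""
    if not stem.isalpha() or len(stem) < 3:
        return False
    has_vowel = any(c in VOWELS for c in stem)
    has_consonant = any(c not in VOWELS for c in stem)
    longest_run = run = 1
    for prev, cur in zip(stem, stem[1:]):
        if (prev in VOWELS) == (cur in VOWELS):
            run += 1
            longest_run = max(longest_run, run)
        else:
            run = 1
    return has_vowel and has_consonant and longest_run <= 2


def classify(hostname):
    """Return a dict saying whether a hostname matches the generator pattern and why."""
    parts = split_hostname(hostname)
    if parts is None:
        return {"hostname": hostname, "suspicious": False, "reason": "base domain not in list"}
    label, base = parts
    # Only the leftmost label is inspected; that is where the generated word sits.
    leftmost = label.split(".")[0]
    suffix = next(
        (s for s in WORD_SUFFIXES if leftmost.endswith(s) and len(leftmost) > len(s)), None
    )
    if suffix is None:
        return {"hostname": hostname, "suspicious": False, "reason": "no listed word suffix"}
    stem = leftmost[: -len(suffix)]
    if not looks_pronounceable(stem):
        return {"hostname": hostname, "suspicious": False, "reason": "stem not word-like"}
    return {
        "hostname": hostname,
        "suspicious": True,
        "reason": f"word-like stem '{stem}' + suffix '-{suffix}' under {base}",
    }


def screen(hostnames):
    """Return the subset of hostnames flagged as suspicious."""
    return [h for h in hostnames if classify(h)["suspicious"]]


# Constructed sample input; these names are invented for the example.
SAMPLE_HOSTNAMES = [
    "varolament.dyndns.org",   # word-like stem + "-ment" under a listed base
    "tikobahood.mooo.com",     # word-like stem + "-hood" under a listed base
    "update.example.net",      # ordinary label, no listed suffix
    "xqzptly.yi.org",          # "-ly" suffix but a vowel-free stem
    "mail.dynserv.com",        # ordinary label under a listed base
]

if __name__ == "__main__":
    for name in SAMPLE_HOSTNAMES:
        print(classify(name))
```

Run over DNS query logs or proxy logs, this rule is a triage aid rather than a blocklist: legitimate names under the listed dynamic-DNS bases will also end in common English suffixes, so matches should be weighted by the volume and spread of hosts resolving them rather than acted on alone.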

Earlier in the month, the size of the Kraken bot was disputed by security vendors F-Secure and Damballa after Damballa claimed the bot was twice as big as the Storm worm, triggering a war of words between the two.