Kraken bot produces bogus email headers on the fly

By

A new variant of the Kraken bot uses a word generator to produce bogus headers and random URLs in an attempt to evade host intrusion prevention technologies, according to security vendor PC Tools.


Also known as Bobax, the new variant poses a considerable threat in its new form, said PC Tools, warning the Kraken bot is now capable of dynamically constructing words with properly matched vowels and consonants.

“Essentially what we are looking at is an artificial English word generator, which follows common English grammar rules and produces words of similar appearance to those in the English language,” said Sergei Shevchenko, senior malware researcher at PC Tools.

“It is these new techniques employed by the new Kraken variant that makes it a significant threat,” he added.

Australia and New Zealand have been infected in the last 24 hours, warned PC Tools, as well as several other countries around the world including Thailand, US, UK and Lebanon.

According to PC Tools, the bot selects from a list of 33 common English nouns, verbs, adjectives and adverb suffixes, such as -able, -dom, -hood, -ment, -ship, -ly, or –ency followed with one of the domain suffixes: dyndns.org, yi.org, mooo.com, dynserv.com, com, cc or net for example.

“The random word generator is possibly designed to evade spam filters and
algorithms that have the ability to distinguish the randomness,” Shevchenko said. "[However], if a rule or algorithm cannot be built to distinguish such a word then it cannot be detected or blocked.”

Earlier in the month the size of the Kraken bot was disputed by security vendors F-secure and Damballa after Damballa claimed the bot was twice as big as the Storm worm triggering a war of words between the two.
Got a news tip for our journalists? Share it with us anonymously here.
Tags:
pc toolssecurity

Sponsored Whitepapers

Futureproof Your Business with Datacom and AMD: Seamless Windows 11 Transition
Futureproof Your Business with Datacom and AMD: Seamless Windows 11 Transition
See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks

Events

Most Read Articles

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound
Australia's super funds told to assess authentication controls

Australia's super funds told to assess authentication controls
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
The Northern Beaches Women's Shelter hones focus on tech-enabled abuse

The Northern Beaches Women's Shelter hones focus on tech-enabled abuse
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?