Probably there’s something more in the Next Step Of Botnets besides BlackHole 2.0 and Tor C&C mentioned in my previous post. I mentioned the takedown of the Nitol Botnet by Microsoft as one of the most important infosec events of the last week, but I forgot to mention one important aspect related to this event: the malware supply chain.
As a matter of fact, in case of Nitol, Microsoft discovered a real botnet factory, that is a compromised supply chain, based in China, that allowed new computers (to be sold to unaware consumers) to come pre-installed with malware embedded with counterfeit version of Microsft OS.
A step forward in the Cyber Crime industry with the advantage for cyber crooks to setup an “army” of zombie machines without enforcing time consuming drive-by attacks or spam campaigns. I used the term army since the main features of Nitol are the capability to execute on-demand DDoS attacks (besides to offer a backdoor to cyber criminals for taking control of the infected machines).
Unfortunately, what’s especially disturbing according to Microsoft, is that the counterfeit software embedded with malware could have infiltrated the chain at any point.
If you still have doubts that Cyber Crime has become a real industry there’s no better example to demonstrate it. Moreover I cannot help but think that, once upon a time, new computers came out with antivirus software embedded, today they are sold directly with malware.
- The Next Step of Botnets (hackmageddon.com)