digg

Facebook Connect Join Digg About
See the original image at arstechnica.com

New Kraken Worm Evading Harpoons of Antivirus Programs

arstechnica.com Researchers at Damballa Solutions have uncovered evidence of a powerful new botnet they've nicknamed Kracken. The company estimates that Kraken has infected 400,000 systems, which would make it twice the size of Storm during that botnet's hayday.

Who dugg this? Made popular Apr 9, 2008

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

130 Comments

show profanity settings
expand all
  • Philluminati, on 04/09/2008, -3/+64Awesome name.
  • yohnstoppable, on 04/09/2008, -1/+53This is what happens when you claim your daughter is more beautiful than Aphrodite /sigh
  • Jynx97, on 04/09/2008, -1/+47The issue is that laptops are taken home, and connected to the internet for leisure. The users then download all sorts of nasties, and jack into the LAN on monday.

    What kills me is that the users who complain about the scheduled scans, are also the ones who are infected the most. (They cry about that too.)
  • TheGonzo, on 08/13/2008, -2/+45"'ello Beastie.."
  • vspazv, on 04/09/2008, -1/+36I always prefer the f-secure blog for virus info...
    http://www.f-secure.com/weblog/archives/00001418.h ...
    "Yesterday, Brian Krebs of Security Fix revealed that Damballa, the initial breaker of the Kraken story, has hijacked some of Kraken's domain names and are using the hijacked DNS resource records to count infections.

    After a little bit of digging, we found one of the hostnames that Kraken uses: [censored].1dumb.com. It currently resolves to an IP address owned by the Georgia Institute of Technology, which is where Damballa resides."
  • gothicform, on 04/09/2008, -2/+36I think thats there's a bit more going on here than it simply infecting Windows PCs. From what I have read about this it's getting through corporate firewalls undetected when they should be stopping it. Let's face it, if you have a good firewall you can have the crappest patched computer in the world (theoretically) but this is somehow evading those protections and getting to unpatched computers that are normally safe because they are behind corporate hardware protection. Should be interesting to see how this pans out.
  • frostbyt, on 04/09/2008, -1/+20I had some user who would cry about having their pcs scanned and updated. When I explained to their boss the rogue laptop user could cost the company millions with data loss of an unsecured pc. Now they are more than happy to have their pcs scanned cause they get to keep their job.

    Funny how that worked out.
  • KnightMareInc, on 04/09/2008, -2/+19but then you'll be on a mac
  • surKaz, on 04/09/2008, -3/+20"Man the cannons,..Lower the sail, and chase that Kraken daaawooon. It'll be an interesting night, you skivvies. We'll be feasting in Davy Jone's Locker by the end of it all."
  • Corneileus, on 04/09/2008, -2/+18MAN THE HARPOONS!

    ... It's not very effective...
  • dafragsta, on 04/09/2008, -0/+15Now say that in a dark room with a flashlight under your chin.
  • AMSRay, on 04/09/2008, -2/+17No, they just get hacked in two minutes when a hacker takes the time to try one. Don't confuse having an insignificant platform market share with having good security.
  • dafragsta, on 04/09/2008, -0/+13Only because you refuse to acknowledge the metric harpoon.
  • Nikonian, on 08/17/2008, -1/+14I'm still waiting of the RickRolled virus.
  • lilricky, on 04/09/2008, -2/+15I know you mean well, but please dont troll here. Thanks
  • Borgcube, on 04/09/2008, -3/+15That Windows is most targeted because it has most users and therefor most inexperienced ones?
  • nonsapiens, on 04/09/2008, -3/+14A good, logical, reasoned answer void of personal attack.
    What the hell are you doing online? It appears you already have a life. Incredible...
  • dsendecki, on 04/09/2008, -1/+11Comment of the day.
  • rickpelletier, on 04/09/2008, -1/+11They should totally put a button for marking "comment of the day".
  • jsffive, on 04/09/2008, -0/+9Yeah, the "RickRoll" reference is soooo clever, that it's still funny after hearing it for the millionth time...

  • frostbyt, on 04/09/2008, -2/+11First off calling IT professionals "geeks" will not get your PC fixed any faster. Second if users would stop clicking yes to every popup/porn ad that ever crosses their screen we would not have this problem.

    There is no amount of technology to combat stupidity.
  • xedd, on 04/09/2008, -1/+9"most of my PC using friends have lost their entire systems multipe times over the years..."

    Well, IF that is true it might say more about the level of intelligence of your friends, the sheer number of porn sites they visit, or their general computer-usage habits like opening email attachments -- than it does about the usefulness or security of PC's.

    Just sayin'.
  • inactive, on 04/09/2008, -0/+8RELEASE THE KRAKEN
    http://www.youtube.com/watch?v=4Thcaq8N-Js
  • Borgcube, on 04/09/2008, -1/+9So...played any good games lately?
  • Gunite, on 04/09/2008, -0/+7There's way to much virus romanticism. Now we're giving them mythical names.

    I wish these stories would emphasize the seriousness of the crime, and the amount of damage caused. IMO virus authors should be given 20+ year prison terms.
  • inactive, on 04/09/2008, -4/+107/8 of the botnet are stupid computer illiterate americans dependent on microsoft and watching to much porn.
  • Kazbaeden, on 04/09/2008, -1/+7TFA doesn't mention which OS this impacts. XP, Vista, both?
  • hayzeus, on 04/09/2008, -1/+7I used to work with McAfee back in the day, and they got a lot of that. And, no, they weren't creating viruses.
  • xdeliriumx, on 04/09/2008, -4/+10Anyone else think of the Polar Kraken M:TG card when they saw this?
    /pushes glasses back into position on nose
  • HonoredMule, on 04/09/2008, -1/+7That it's designed to work on Windows systems?

    They must be in league with the game developers!
  • ShiningSquirrel, on 04/09/2008, -0/+5It means that 10% of all fortune 500 companies have at least 1 single computer infected, nothing more.
    Wow, you are pretty dense to be online.
  • stungib, on 04/09/2008, -1/+6Well, not as good as Phil McKraken.....
  • Gunite, on 04/09/2008, -1/+6I wish they wouldn't name them like that or write stories where they personify the virus.

    "Like its mythical monstrous counterpart, Kraken enjoys long walks on the beach, sunsets, and tearing sailors into tasty snacks"

    Just call it something like Dumb-ass Virus 313.
  • elementop, on 04/09/2008, -0/+5@sodade: So you are telling me that it is better to toast your company's network because you picked up a virus while your A/V software was disabled? That's just idiotic. Think it can't happen? I've seen it at multiple places I've worked.
    Yes, the security software is obnoxious. Yes, as an IT geek, I hate it, too. Guess what? When I use a Windows system, I have the same obnoxious security software installed on *my* computer, and I have to deal with it, too. My solution, however, is not to throw a freaking temper tantrum but instead, it's to use an software that doesn't need all of this crap on it, and then I secure it as tightly as I can.
    FWIW, many times, us IT geeks hate the software choices as much as you do, but the right tool for the job sometimes means using Windows or IE or Office or whatever, even though it's a product you despise. Like it or not, Visio is *the* application for network drawings, so I have to have a Windows machine. Like it or not, the company I work for had Windows-based billing software before I ever came along, so we have to have Windows on our users' desktops. Like it or not, there are a number of web sites that some of my employees need to reach in order to do their jobs that require IE. So like it or not, I *have* to install crappy, CPU-intensive, intrusive, annoying A/V software. Thankfully, we aren't using McAfee or Symantec, but what we use is still CPU-intensive.
    Sorry, dude. You may *think* you are a geek, but if you can't understand the business decisions that IT has to live with -- or the reality of security vs. usability -- then your geek card is hereby revoked.
  • haikuFU, on 04/09/2008, -0/+4Corporate firewalls rarely scan for viruses coming in from downloaded content. Some do, but it's not efficient, and usually only small offices do it. It's all about using different layers of security to mitigate the risk. Firewall, IPS, AV, NBAD, SEM all work in conjunction with each other to mitigate the risk of something slipping by. You can't just rely on one security mechanism to protect you.

    That said, I wonder how long it will be before these guys start hosting their Command and Control servers on TOR to prevent shutdown.
  • toast24, on 04/09/2008, -0/+42.1292
  • Borgcube, on 04/09/2008, -0/+4That doesn't make sense. It WOULD if Microsoft were selling their own patches which they currently aren't or if they were trying to get the users AWAY from Windows to Linux.
  • mrjofo, on 04/09/2008, -0/+4It's pronounced Kro-ken in the original Scandinavian. Krah-kin is closer to that
  • inactive, on 04/09/2008, -0/+3How many anti virus programs make up one "harpoon"?
  • leontes, on 04/09/2008, -0/+3I've always wanted to know: is it pronounced Kray-kin or Krah-kin or are both ways of saying it considered correct?
  • HonoredMule, on 04/09/2008, -0/+3Reading comprehension: learn it, love it, live it.

    10% of all Fortune 500 companies have either detected the virus on their network or traced as the source of outgoing attacks/infection attempts. So 50 Fortune 500 companies have one or more infected machines, but probably many more than one, since the firewall would already be breached/bypassed.
  • toast24, on 04/09/2008, -3/+6Is that verified? I read elsewhere that OS X was affected too.
  • TheGuruStud, on 04/09/2008, -0/+3Problem solved, use Eset Nod32. Guess what will happen to that worm when some idiot tries to download it?
    It will cancel the d/l. If it somehow managed to save, it would then be caught and deleted.
  • PsychoTomato, on 04/09/2008, -2/+5It's OK, I use linux
  • Acewrap, on 04/09/2008, -0/+3Feel bad for everyone who uses the Internet. Those botnets are used to spew spam.
  • santasing, on 04/09/2008, -3/+6I don't see any money.
  • inactive, on 04/09/2008, -0/+3i lold. nice job
  • MoistVonLipwig, on 04/09/2008, -1/+4I've always enjoyed the name "botnet" instead of "PCs of a bunch of lame fcks who click on every mail attachment/and/or site file and don't have an AV installed" - but i guess "botnet" gives a more fantasy theme to it instead of just blaming stupidity (and its shorter ^^)
  • agentshiro, on 04/09/2008, -0/+3Savvy.
  • HonoredMule, on 04/09/2008, -1/+4crap, made a mistake:
    [bury [parent] and [[parent]'s children] now]

    I'm a ***** developer. Even my pseudo-meta-code is wrong.
  • Fetching more discussions...
    Show 51 - 100 of 131 discussions

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...


© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.