The Kraken botnet

From Kelly Jackson Higgins’s “New Massive Botnet Twice the Size of Storm” (DarkReading: 7 April 2008):

A new botnet twice the size of Storm has ballooned to an army of over 400,000 bots, including machines in the Fortune 500, according to botnet researchers at Damballa.

The so-called Kraken botnet has been spotted in at least 50 Fortune 500 companies and is undetectable in over 80 percent of machines running antivirus software.

Royal says like Storm, Kraken so far is mostly being used for spamming the usual scams — high interest loans, gambling, male enhancement products, pharmacy advertisements, and counterfeit watches, for instance.

Its bots are prolific, too: The firm has seen single Kraken bots sending out up to 500,000 pieces of spam in a day.

Just how Kraken is infecting machines is still unclear, but Royal says the malware seems to appear as an image file to the victim. When the victim tries to view the image, the malware is loaded onto his or her machine. “We know the picture… ends in an .exe, which is not shown” to the user, Royal says.