New KOOBFACE Upgrade Makes It Takedown-Proof | Trend Micro | Malware Blog
Reportedly, the KOOBFACE command-and-control servers have been equipped with a new command. It seems commands and components can now be retrieved via proxies.
Early this week, the KOOBFACE Command and Control (C&C) servers issued a new command to its downloader component. This new command identifies a list of IP addresses to be used by the downloader component as Web or relay proxies to retrieve subsequent commands and components.
New KOOBFACE Upgrade Makes It Takedown-Proof - TrendLabs Security Intelligence Blog
In the old KOOBFACE architecture (see Figure 1), the downloader directly connects to an available C&C to receive commands. However, the new command seen early this week actually changes the KOOBFACE botnet architecture to something more like the diagram in Figure 2.