Semalt botnet hijacked nearly 300k computers

  • 3 September 2014
  • 0 replies
  • 239 views

Userlevel 7
Author: Zeljka Zorz HNS Managing Editor/ Posted on 03.09.2014
 
The “Semalt" botnet is quickly spreading across the Internet, Incapsula researchers warn.

The botnet is named after a Ukrainian startup that poses as a legitimate online SEO service, and it currently numbers around 290,000 malware infected machines that continually spam millions of websites in a large-scale, referrer spam campaign.

The goal of referrer spam is to create backlinks to a specific URL by abusing publicly-available access logs.

Semalt - and other offenders that engage in this kind of practice - use script bots that ignore the robots exclusion standard (the site's robots.txtfile that gives instructions to web crawlers) and spam the server with requests.


http://www.net-security.org/images/articles/semalt-03092014.jpg
"The process is fairly straightforward. The bots access hundreds of thousands of websites in bulk, sending out requests with a synthetically-generated 'Referrer' header. Each of these headers contains the website URL the perpetrators are trying to boost," the researchers explained.

"All such requests are automatically recorded in access logs, creating a HTML referrer link. These links are then crawled by search engines, while accessing these publicly-available HTML resources."

 
 
 
Help Net Security/ full article here/ http://www.net-security.org/malware_news.php?id=2857
 
 

0 replies

Be the first to reply!

Reply