Kraken to Surpass Storm
Following on the heels of MayDay, another report indicates a new botnet that is thought to be twice the size of Storm. This claim, however, has yet to be substantiated. We have contacted the company that released the report for further information, but so far have had no response. The botnet, dubbed Kraken, uses encrypted communications, encrypted payloads, and polymorphic droppers, and may include redundancy to recover from a command-and-control server being taken offline. Symantec Security Response has come across a sample and has released a new detection named Backdoor.Spakrab to identify this malicious code. However, we have found that computers protected by Symantec antivirus products already have high coverage of this threat as Bloodhound.SONAR.1 and Hacktool.Spammer.
Kraken is thought to be infecting computers by using social engineering methods similar to those used by Storm. The malicious code is believed to be posing as an image file to the user, although this has yet to be confirmed. At the time of writing, the Trojan is serving up debt consolidation and gambling-related spam linking to Chinese sites. Symantec will continue to monitor the botnet's presence in the wild and update accordingly.