Monday, February 11, 2008

The Mega-D botnet that everyone was led to believe was so huge apparently isn't, according to a recent blog post at

SecureWorks: Ozdok/Mega-D Trojan Analysis

by Danny McPherson

Enabled by some spam samples Marshal provided, Joe Stewart and the good folks @SecureWorks, with an assist from Team Cymru and my|NetWatchman, have identified the malware and botnet referred to as Mega-D.

It turns out Mega-D is composed of bots from the little-known Ozdok malware family. Joe provides some analysis on scale and distribution of the botnet here, as well as some detailed bits on behaviors of the Trojan itself.

Based solely on the hostnames provided in the analysis, we (Jose, actually) were able to find three samples in our database, with dates all well over a year old:

Read the full story at the link below.
