“Brain Food” Nuisance Spam Botnet Tracked To Malicious PHP Script On 5,000

By   ISBuzz Team
Writer , Information Security Buzz | May 25, 2018 01:15 am PST

News broke earlier today that a malicious PHP script found on over 5,000 compromised websites has been fingered as the source of a large-scale spam campaign that has been silently redirecting users to web pages hosting diet and intelligence boosting pills. The purpose of this script is to keep hacked sites under the control of a group of cyber-criminals, and manage dynamic redirections to various spam campaigns. IT security experts commented below.

Sean Newman, Director at Corero Network Security:

“Recent reports of the highly prevalent “Brain Food” botnet highlight just how frighteningly easy it still is for cyber criminals to hack into and take control of legitimate websites.  In this case, the botnet is focused on monetising spam campaigns in the form of selling pills, with various claimed benefits. However, when the number of compromised sites runs into the thousands, as in this case, it’s easy to see how these could be harnessed for other nefarious activities, including the launch of DDoS attacks. And, in the same way that very few organisations these days operate without a Spam filter as part of their email service, similar consideration should be given to being protected by the latest generation of always-on real-time, DDoS protection.”

Nadav Avital, Threat Research Manager at Imperva: 

“This kind of technique used by hackers to overcome spam filters and prolong their attacks is not new.  Also, using base64 encoding to obfuscate the attack is a known method used by hackers which can sometimes work to the defender’s advantage, as we recently demonstrated.

Last year, Imperva uncovered a similar botnet that infected sites with a backdoor script that sent spam emails and redirected victims to fake Viagra pills sites.”

Notify of
0 Expert Comments
Inline Feedbacks
View all comments

Recent Posts

Would love your thoughts, please comment.x