Some hugely prevalent worm families just won’t wither away and disappear. They top vendors’ prevalence lists for years on end, even after the malcode has stopped serving its original purpose. As the ThreatFire community grows its presence in Mexico and Brazil, it protects more users from a relentless worm originally distributed from Indonesia: Brontok.
Brontok is a mass-mailing worm that isn’t mentioned all that often anymore, having been out-amplified by sensations like Conficker/Downadup/Kido, but its many variants continue to show up all over the world. For the past month, Brontok variants have been the threat most often blocked for our ThreatFire users in Mexico and Brazil, where they are being run, and prevented by ThreatFire, on desktops in high numbers.
The compromised hosts used to be abused as DDoS bots, attacking sites around the world in what was never confirmed as either hacktivism or blackmail attempts. Now, however, the worm travels headless in the sunniest tropics — the major provider that (unwittingly at the time) hosted Brontok’s configuration files has long since taken down the command-and-control server accounts Brontok accessed.