There's a new botnet worm on the loose

Kraken seeks to sink the Fortune 500

By Egan Orion: Monday, 07 April 2008, 5:13 PM

THERE'S A NEW botnet rampaging across the net that's already infected an estimated 400,000 machines, making it about twice the size of the Storm worm botnet, according to Damballa.

Dubbed Kraken, this newest botnet has been detected in at least 50 Fortune 500 companies and is said to be invisible to the antivirus software running on 80 per cent of machines.

Kraken hides by using a combination of ploys, including changing its binary code regularly and morphing itself so that it evades static pattern matching.

Paul Royal, principal researcher at Damballa, said, "It's easy to trace but slow to get antivirus coverage. [That] seems to imply [the authors] have a good understanding of how AV tools operate and how to evade them."

The Kraken vector is encrypted and appears to the user as an image file. When the user attempts to view the image, the malware decrypts itself and infects the machine. Like Storm, the Kraken botnet is redundant, adaptive and resilient.

So far Kraken is mostly being employed for the usual spamming schemes. Its bots are busy demons, each spewing out up to 500,000 spam emails per day.

Damballa says the Kraken botnet's primary command and control servers are located in Russia, France and the US. It predicts the botnet will grow rapidly.