October 03, 2007
Botnet herders tending smaller flocks
For the last year or so, security researchers have been highlighting new techniques being used by botnet schemers to evade detection by anti-virus systems, law enforcement officials and network operators.
Among the most popular tactics that botnet herders have adopted to this end are peer-to-peer (P2P) techniques that propagate the botnet, and whatever content it is being used to distribute, without relying on traditional command-and-control servers.
As a whole, savvy botnet herders have also begun to utilize their networks in a far more discreet manner, keeping their zombie PCs lit up for smaller amounts of time and using larger numbers of infected machines to distribute smaller amounts of malware and spam.
Now comes word from researchers at Finjan that botnet keepers are also using smaller networks to help evade the prying eyes of security teams, IT departments, ISPs and other carriers.
As part of this effort, F-Secure contends that botnet operators are also splitting their networks into smaller groups to create "multi-swarm attacks" that are harder for any trackers to follow.
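The shift described above, many infected hosts each sending only a little, is precisely what a per-host volume rule misses. The following is an added illustration, not code from Finjan, F-Secure or the article, using constructed relay log lines and hypothetical thresholds: it runs a classic per-host rate rule and a cross-host rule that groups senders by shared payload hash over the same sample, so that the small swarm is visible only to the second.

```python
from collections import defaultdict
import re

# Constructed sample relay log (not from the article): one line per outbound message.
# Fields: time, sending host, and a hash of the message body.
SAMPLE_LOG = "\n".join(
    # A "classic" noisy zombie: one host, 12 copies of the same payload.
    [f"10:0{i // 6}:{i % 6}0 host=10.0.0.9 body=deadbeef" for i in range(12)]
    # A small swarm: 8 hosts, each sending only 2 copies of the same payload.
    + [f"10:1{i}:00 host=10.0.1.{i} body=cafef00d" for i in range(1, 9) for _ in range(2)]
    # Benign background: unique bodies from a few hosts.
    + [f"10:20:0{i} host=10.0.2.{i} body=benign{i}" for i in range(1, 5)]
)

LINE_RE = re.compile(r"^(?P<time>\S+) host=(?P<host>\S+) body=(?P<body>\S+)$")

PER_HOST_THRESHOLD = 10   # hypothetical rule: alert on a host sending more than 10 messages
SWARM_MIN_HOSTS = 5       # hypothetical rule: alert when 5+ distinct hosts send the same body


def parse_log(text):
    """Parse log lines into (host, body) tuples, skipping malformed lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append((m.group("host"), m.group("body")))
    return events


def per_host_alerts(events):
    """Classic volume rule: hosts that individually exceed the threshold."""
    counts = defaultdict(int)
    for host, _ in events:
        counts[host] += 1
    return sorted(h for h, n in counts.items() if n > PER_HOST_THRESHOLD)


def swarm_alerts(events):
    """Cross-host rule: payloads shared by many low-volume senders."""
    senders = defaultdict(set)
    for host, body in events:
        senders[body].add(host)
    return {b: sorted(hs) for b, hs in senders.items() if len(hs) >= SWARM_MIN_HOSTS}


if __name__ == "__main__":
    ev = parse_log(SAMPLE_LOG)
    print("per-host alerts:", per_host_alerts(ev))  # only the noisy zombie
    print("swarm alerts:", swarm_alerts(ev))        # the 8-host swarm, invisible above
```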
"By escaping detection in this way, criminals can effectively fly their rented botnets in under the security radar, and ensure the swarm hits the relevant Web sites with devastating results," Yuval Ben-Itzhak, CTO at Finjan, said in a research report.
"This is a potentially serious evolution in the world of botnets," he said. "The change in the Web security field has proven to be a difficult task to tackle for traditional security companies. The best way to detect modern malicious code is to be able to understand in real-time what the code intends to do, before it does."
Finjan claims that botnet operators are also increasingly using malware toolkits to build new types of Trojans to deliver their zombie code.
"Our latest [research] exposes numerous new attack vectors that raise the number of Trojan infections that create botnets," said Ben-Itzhak. "The focus has now moved on to the crimeware toolkits that generate the infections more easily and with greater force. The resultant botnet swarm potential from such infections is significant."
In the most recent iteration of its twice-yearly Internet Security Threat Report, Symantec reported that botnets have also taken on an increasingly regional flavor, with Chinese users in particular being assailed by the threats on a far more frequent basis.
Symantec reported in September that China had 29 percent of all the world's bot-infected computers over the first six months of 2007, more than any other country, and said that Beijing was the city with the most infected computers, accounting for seven percent of the worldwide total.
Posted by Matt Hines on October 3, 2007 10:01 AM