Botnets are getting smaller to evade detection

(04/10/2007)

Botnets are getting smaller, as criminals seek to ensure their botnet swarms evade detection. F-Secure recently reported that criminal gangs are splitting their botnets into smaller groups in a bid to create a multi-swarm attack that can still escape detection. These botnets are then rented out for as little as $100 for a few hours.

"F-Secure's assertion is in line with our own trends analysis," confirmed Yuval Ben-Itzhak, the CTO of Finjan. "Our latest quarterly security trends report that there are numerous new attack vectors that raise the number of Trojan infections that create botnets. In fact viruses have barely changed over the last year they are usually a slight variation of a previous version which are then disguised using code obfuscation techniques. The focus has now moved on to the crimeware toolkits that generate the infections more easily and with greater force. The resultant botnet swarm potential from such infections is significant," he added.

"By escaping detection in this way, criminals can effectively fly their rented botnets in under the security radar, and ensure the swarm hits the relevant Web sites with devastating results. This is a potentially serious evolution in the world of botnets. The change in the web security status has proven to be a difficult task to tackle for traditional security companies. The best way to detect modern malicious code is to be able to understand in real-time what the code intends to do, before it does", said Ben-Itzhak.

Finjan offers the following advice for corporate users:
1. Check your vendor’s research capabilities and their ability to provide up-to-date information which is immediately translated into actionable security measures.
2. Examine your egress and ingress data policy to make sure that you cover all known and suspicious sites.
3. Make sure that real-time inspection and protection is added to your web security solution. Chasing the attack vectors after the event is always “too little, too late”, particularly if you get hit by a new Trojan that your security solution does not recognize.
4. Make sure that your security solution is updated to handle new technologies and trends. Security products should protect you from the vulnerabilities rather than just attacks and exploits.

Related topics:  Hacking and intrusion prevention   Internet and Web security   Network Security 

Print version | Email to a friend | Related articles

Data breaches: Trends, costs and best practices gives you all the latest information on securing personal and corporate data, key recommendations for immediate action to improve data security, and how to respond to data breaches.

Other Security news and resources