Friday, August 26, 2011

Cyber Threats Report 2009: Emerging threats for…all data-driven!


BOTNETS

In 2008, botnets got worse, a trend expected to continue the following year.
GTISC estimated in last year’s report that 10 percent of online computers were part of botnets, groups of computers infected with malicious code and unknowingly controlled by a malicious master.
This year, GTISC researchers estimate that botnet-affected machines may comprise 15 percent of online computers.

“Compared with viruses and spam, botnets are growing at a faster rate,” said Wenke Lee, an associate professor at GTISC and a leading botnet researcher. Lee cites three unavoidable factors that are spurring botnet growth:
• Infection can occur even through legitimate Web sites
• Bot exploits/malware delivery mechanisms are gaining sophistication and better obfuscation techniques
• Users don't need to do anything to become infected; simply rendering a Web page can launch a botnet exploit

Bots can also be delivered to a machine in a variety of ways: via Trojans, emails, an unauthorized instant message client or an infected Internet site. Once installed, bots lie low to avoid notice by antivirus and anti-spyware technology.
Periodically, the bot communicates with a “command and control” server and waits for a response.

The communication, which uses the command and control server as an intermediary, can keep the malicious bot master’s identity hidden.
Lee points out the distinction between botnets and malware: “What we think of as malware can be responsible for turning a machine into a bot,” said Lee.
“But conventional malware is often a single-purpose attack. A bot really remains on a machine, maintains a command and control mechanism to enable communication with the bot master, and can update itself based on those communications.
The updates enable new bot communication and malicious capabilities, and are often used to avoid detection.”

Bot communications are designed to look like normal (Web) traffic using accepted ports, so even firewalls and intrusion prevention systems have a tough time isolating bot messages.
Lee agreed, “It’s incredibly tough to filter bot traffic at the network edge since it uses http and every enterprise allows http traffic.”
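Because the traffic cannot simply be blocked at the edge, one defensive angle is the periodic check-in described above: a timer-driven client produces far more regular request spacing than a person browsing. The sketch below is an added example, not taken from the GTISC report; the three-column log format, the hostnames and the thresholds (`min_events`, `max_cv`) are assumptions chosen for illustration.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed proxy-log sample: ISO timestamp, client IP, destination host.
SAMPLE_LOG = """\
2011-08-26T09:00:02 10.0.0.5 cdn.example.net
2011-08-26T09:00:10 10.0.0.7 news.example.com
2011-08-26T09:00:12 10.0.0.7 news.example.com
2011-08-26T09:01:40 10.0.0.7 news.example.com
2011-08-26T09:05:01 10.0.0.5 cdn.example.net
2011-08-26T09:10:03 10.0.0.5 cdn.example.net
2011-08-26T09:14:05 10.0.0.7 news.example.com
2011-08-26T09:14:06 10.0.0.7 news.example.com
2011-08-26T09:15:02 10.0.0.5 cdn.example.net
2011-08-26T09:20:01 10.0.0.5 cdn.example.net
2011-08-26T09:25:03 10.0.0.5 cdn.example.net
2011-08-26T09:31:50 10.0.0.7 news.example.com
malformed line
"""

def find_beacons(log_text, min_events=5, max_cv=0.1):
    """Return [(client, host, mean_gap_seconds, cv)] for regularly timed flows."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        try:
            ts, client, host = line.split()
            seen[(client, host)].append(datetime.fromisoformat(ts))
        except ValueError:
            continue  # skip malformed records instead of aborting the scan
    hits = []
    for (client, host), stamps in seen.items():
        if len(stamps) < min_events:
            continue  # too few requests to judge periodicity
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        if mean == 0:
            continue  # simultaneous requests, no interval to measure
        # Coefficient of variation: near 0 means machine-like, regular timing.
        cv = statistics.pstdev(gaps) / mean
        if cv <= max_cv:
            hits.append((client, host, round(mean, 1), round(cv, 4)))
    return sorted(hits)

if __name__ == "__main__":
    print(find_beacons(SAMPLE_LOG))
```

Regular timing also matches legitimate software such as update checkers, so each hit is a lead for triage against known-good destinations rather than a verdict.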

Prompted to act in unison, bots become bot armies that harness considerable computing power to engage in a variety of malicious activities, including:
• Information theft (social security numbers, credit card information, trade secrets, etc.)
• Denial of service attacks
• Spam delivery
• DNS server spoofing

According to a report compiled by Panda Labs, in 2Q 2008, 10 million bot computers were used to distribute spam and malware across the Internet every day [1].
Damballa continues to find that 3-5 percent of enterprise assets are compromised on average by targeted threats such as bots, even in the presence of the best and most up-to-date security.
Leading industry analysts predict this range to be even higher.
