Battling Modern Botnets

Botnet operators continue to improve their technology and change tactics to defeat today's security defenses. Modern botnet designers actively work to:

  • Bypass IPS and antivirus signatures through techniques such as polymorphism (re-encoding the same malicious payload so that no fixed byte pattern survives between samples)
  • Avoid triggering security heuristics such as those found in network behavior analysis tools (NBA or NBAD technologies)
  • Stay in stealth mode so that users and IT administrators do not notice PC slowdowns or excess network traffic
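The first bullet is easiest to see with a concrete case. The following is an added illustration written for this page, not code from the original article or from any product it mentions. It uses a constructed, harmless stand-in "payload" and a made-up single-byte XOR encoder with a hypothetical decoder header (marker byte, key, length): a static byte signature matches the plain payload, fails on every re-encoded variant, and only a scanner that recognises the decoder stub and unpacks before rescanning (what AV emulation does) catches the variants again.

```python
import random
from hashlib import sha256
from typing import Optional

# Constructed stand-ins: a fake "bot" payload and the static byte signature an
# IPS or AV engine might carry for it. Neither is real malware.
PAYLOAD = b"BOT v1: connect irc.example.invalid:6667 JOIN #cmd"
SIGNATURE = b"irc.example.invalid:6667"
STUB_MARKER = b"\xeb"  # hypothetical marker byte for our toy decoder header


def signature_matches(sample: bytes, signature: bytes = SIGNATURE) -> bool:
    """The static check: does the signature appear verbatim in the bytes?"""
    return signature in sample


def polymorphic_encode(payload: bytes, key: Optional[int] = None) -> bytes:
    """XOR the payload with a single-byte key and prepend a small decoder header
    (hypothetical layout: marker, key byte, 2-byte big-endian length).
    Each key yields a different byte string for the same payload."""
    if key is None:
        key = random.randrange(1, 256)  # key 0 would leave the payload unchanged
    body = bytes(b ^ key for b in payload)
    return STUB_MARKER + bytes([key]) + len(payload).to_bytes(2, "big") + body


def polymorphic_decode(blob: bytes) -> bytes:
    """What the bot does at run time: recover the original payload from a blob."""
    key = blob[1]
    n = int.from_bytes(blob[2:4], "big")
    return bytes(b ^ key for b in blob[4:4 + n])


def variants(payload: bytes, count: int) -> list:
    """Deterministic variants (keys 1..count) so the results are reproducible."""
    return [polymorphic_encode(payload, key) for key in range(1, count + 1)]


def distinct_hashes(samples) -> int:
    """How many unique files a hash-based blocklist would have to carry."""
    return len({sha256(s).hexdigest() for s in samples})


def scan(sample: bytes) -> str:
    """Scanner with two tiers: the static signature first; then, if the toy
    decoder header is recognised, unpack and rescan the decoded content."""
    if signature_matches(sample):
        return "static-match"
    if sample[:1] == STUB_MARKER and len(sample) >= 4:
        n = int.from_bytes(sample[2:4], "big")
        if len(sample) == 4 + n and signature_matches(polymorphic_decode(sample)):
            return "match-after-unpack"
    return "clean"


if __name__ == "__main__":
    samples = variants(PAYLOAD, 255)
    print("plain payload:", scan(PAYLOAD))
    print("variants caught by static signature:",
          sum(signature_matches(v) for v in samples), "of", len(samples))
    print("distinct hashes across variants:", distinct_hashes(samples))
    print("variants caught after unpacking:",
          sum(scan(v) == "match-after-unpack" for v in samples), "of", len(samples))
```

The point for defenders: with 255 keys the same bot produces 255 files with 255 different hashes and no shared signature bytes, so the detection has to move to whatever stays invariant (here the decoder stub and the decoded behaviour), which is exactly why the heuristics and behavioural analysis in the next two bullets matter.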

A 2005 Federal Bureau of Investigation (FBI) survey estimated that cybercrime caused $67.2 billion in damages to businesses. Criminals are increasingly successful at profiting from illegal remote access to today's networked computers.

Attackers now amass huge numbers of compromised PCs, known as bots, and coalesce them into centrally managed networks called "botnets" (short for robot networks). Botnets commonly consist of thousands of machines. The largest reported botnet was over 1 million PCs strong (Dutch prosecutors seek jail time for botnet duo), and the recent 'Storm Worm' botnet has been estimated at as many as 50 million bots. Botnets are used to perpetrate:

Botnets are built from modern malware that takes many forms. Most people know that opening an infected e-mail attachment can install malware. Fewer realize that an ordinary banner ad can deposit malware on a computer, turning it into a bot (or zombie) and exposing users and companies to serious losses (Attackers strike using Web ads). This is old news to IT security and networking professionals, but most end users are blissfully unaware.

To contain the threat effectively, detection and analysis of the bot malware are critical. Deriving accurate and complete intelligence early in a botnet's development, and distributing that intelligence rapidly to mitigation devices across the network for enforcement, is the only way to deal with such a multi-vectored threat. An anti-botnet protection system must include a coherent botnet detection strategy, an intelligence gathering and distribution network, and an integrated set of botnet mitigators. Existing security gateways can serve as effective botnet mitigators if they are fed quality botnet intelligence from devices such as FireEye Botwall appliances.
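The detect, derive intelligence, distribute to mitigators loop described above, as an added worked example that is not code from the original article or from any FireEye product. It assumes a constructed set of flow records (source, destination, timestamp) rather than captured traffic, uses a simple network-behaviour heuristic (a host that contacts the same destination at near-constant intervals is beaconing), corroborates across victims before promoting a destination to an indicator, and emits generic gateway drop rules whose syntax is illustrative only:

```python
from collections import defaultdict
from statistics import mean, pstdev


def _beacon(src, dst, start, period, jitter):
    """Build flows for a host that calls home every `period` seconds,
    with a small per-connection timing jitter (constructed data)."""
    return [(src, dst, start + period * i + j) for i, j in enumerate(jitter)]


# Constructed flow records (src, dst, epoch seconds); not captured traffic.
# Two infected hosts beacon to 203.0.113.7 every ~300 s; 10.0.0.9 browses
# 198.51.100.20 irregularly and touches the C2 only twice (below threshold).
FLOWS = (
    _beacon("10.0.0.5", "203.0.113.7", 1000, 300, [0, 2, -1, 3, 0, -2, 1, 2, 0, -1, 1, 0])
    + _beacon("10.0.0.12", "203.0.113.7", 1100, 300, [0, 1, -1, 0, 2, -1, 0, 1])
    + [("10.0.0.9", "198.51.100.20", t)
       for t in (1000, 1007, 1300, 1305, 1306, 2900, 4000, 4001, 4100, 5000)]
    + [("10.0.0.9", "203.0.113.7", 1500), ("10.0.0.9", "203.0.113.7", 1800)]
)


def detect_beacons(flows, min_count=6, max_cv=0.1):
    """Detection: group flows per (src, dst) and flag pairs whose
    inter-connection gaps are regular (coefficient of variation <= max_cv)."""
    by_pair = defaultdict(list)
    for src, dst, ts in flows:
        by_pair[(src, dst)].append(ts)
    found = {}
    for pair, times in by_pair.items():
        if len(times) < min_count:
            continue  # too few samples to call a timing pattern
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        period = mean(gaps)
        if period <= 0:
            continue
        cv = pstdev(gaps) / period
        if cv <= max_cv:
            found[pair] = {"count": len(times), "period": period, "cv": cv}
    return found


def build_feed(beacons, min_sources=1):
    """Intelligence: promote a destination to an indicator only when at least
    `min_sources` distinct hosts beacon to it, which cuts single-host noise."""
    victims = defaultdict(set)
    for (src, dst) in beacons:
        victims[dst].add(src)
    return {
        "indicators": sorted(d for d, s in victims.items() if len(s) >= min_sources),
        "victims": {d: sorted(s) for d, s in victims.items()},
    }


def gateway_rules(feed):
    """Distribution: render the indicators as drop rules for enforcement
    gateways. The rule syntax here is illustrative, not a specific product's."""
    return [f"drop ip any -> {dst} any" for dst in feed["indicators"]]


if __name__ == "__main__":
    beacons = detect_beacons(FLOWS)
    for (src, dst), info in beacons.items():
        print(f"{src} -> {dst}: {info['count']} flows, period {info['period']:.1f}s, cv {info['cv']:.3f}")
    feed = build_feed(beacons, min_sources=2)
    print("indicators:", feed["indicators"], "victims:", feed["victims"])
    for rule in gateway_rules(feed):
        print(rule)
```

The thresholds (six connections, 10% timing variation, two corroborating victims) are assumptions for this toy data set; in practice they are tuned against the false-positive rate on the monitored network, and the victim list is as valuable as the indicator list because it tells the incident responders which machines to clean.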
