|
|
|
Small Botnets Cause Big Security Problems for Enterprises
By: Brian Prince
2009-09-29
Article Rating:  / 8
There are 0 user comments on this Network Security & Hardware story.
Research from Damballa shows the biggest botnets are not always the most threatening when it comes to swiping corporate data. In a study of more than 600 active botnets, security researchers discovered that the smaller networks were often used in highly targeted, more dangerous attacks, Damballa says.While massive
botnets such as Rustock and Conficker often make headlines, research from
Damballa released in September shows many enterprises are under attack
by smaller threats they've likely never heard of.
After
tracking more than 600 botnets over a three-month period, researchers Gunter
Ollmann and Erik Wu discovered that most were composed of 100 nodes or fewer.
Those smaller botnets represented 57 percent of the total. Twenty-one percent
had between 101 and 500 bots; 17 percent had between 500 and 10,000. Only 5
percent consisted of more than 10,000.
Finjan
researchers find a botnet controlling over 1.9 million computers. Click here to
read more.
"While
many people focus on the biggest botnets circulating around the Internet, it
appears that the smaller botnets are not only more prevalent within real-life
enterprise environments, but ... they're also doing different things," blogged Damballa's Ollmann, vice
president of research. "And, in most cases, those 'different things' are
more dangerous since they're more specific to the enterprise environment
they're operating within."
Many
of the smaller botnets make use of "the popular DIY malware
construction kits out there on the Internet," he noted. Some of those,
such as the infamous Zeus Trojan, can sell
for as little as a few hundred dollarsbut "can often be downloaded
for free from popular hacking forums, pirate torrent feeds and newsgroups."
Ollmann
continued, "It looks to me as though these small botnets are highly targeted
at particular enterprises (or enterprise vertical [sectors]), typically
requiring a sizable degree of familiarity [with] the breached enterprise
itself. I suspect that in some cases we're probably seeing the [handiwork] of
employees effectively backdooring critical systems so that they can 'remotely
manage' the compromised assets and avoid antivirus detection The problem,
though, is that the majority of these 'freely available' DIY malware
construction kits are similarly backdoored. Therefore, any [employees] using
these free kits to remotely manage their network are also providing a parallel
path for the DIY kit providers to access those very same systemsas evidenced [by]
these small botnets often having multiple functional command and control
channels."
The
smaller botnets appear to be "more professionally managedwith botnet
masters specifically targeting corporate systems and data within the victim
enterprise," he wrote. Rather than being used for "noisy attacks"
such as a denial of service, "they're often passively monitoring the
enterprise network to identify key assets or users" and then going after high-value
data.
"The
net result is that these smallest botnets efficiently
evade detection and closure by staying below the security radar and relying
upon botnet masters that have a good understanding of how the enterprise
functions internally," Ollmann wrote. "As such, they're probably the
most damaging to the enterprise in the long term."
|
|
�������x}r۸j�9km"u�)%[r�xeT(�8H.̙/Oo<�xӅl';-��ݍF7?I�p4ô1f�%S�TI�}"I�~x�hC~0`R)rdx�BԲ|W�R�#Yخtj�5���5Gl$r~x#A�t=NN5��%�j'A]m1c{z}_6ژ2z9o0�f��E63F�}=D@�~5{�ss�!&H|,Z�="?�
�XqL��G�Ha��T$N5ol�QX
��)�RX^P~�FD;玗5~{F5~{�>Ӏ�o`V黖6?"C�AQ��eKVCl�v�i!rs�!�gKͻ�HbPrN7w#2�5AR�Z@[
�4Ԙ��HeCc`Ww,ǃɩT*�TjQ3#mjZ�35-3GؾQ̀���A3E5��L֟C($fҀ[8Qʉ��<{eCN,[�SAVU�衂ĠʠW:+֟�㽩S=k>]rvZ�9ސVcCRh2胆:m�5ƹ�h$�
47P}HOQI�$�p|g�t�T�ێ�]6}l2���9<8�,&&�zArWt��#X`���V����PC�h��' 6)d@}�>\�)�Qm^3-mhZ1 �5f:%Km���r%Fa��AD�ȣ��I&BD(jH�B
!A�lq���[$p�hd�d+���~GaDBJԂeNk@�G҅3v�J\B=7^ ˥>*-�qR% 53TYNjL=?뺾j3!�~�G�,[E`z9r,T��.�k
O��Jԭy�Rp�|:IkB{42u�0s���uy=A�-��*)C
KX�V�Xs�p?7�c@C>yBLn�aDpI.3hy:e~=Ꭴm�\.CmE�c7�˅L4 +UPL�g<)*h7l2�0筷
VM\XebʁZO%e�XScXMϠDa��L~b0q�u/$1La�V|�l\6���Lc˺r+dfYW{#Vv/K\>�?u�r@,�H#oh��m^¢xSҧ֡R(k���Ӳ�=R@Q(cpH,`_��\�І> B�&�Z�1�-[��*���=;$⦼�t�݁��lx"RB3�M==1�*�2~3�;x&Ukb�ی�(qIVYa�Xg7#UFQH.a�g4�'k�yw⾽4Mc٧Rz7�l;C9�.nV+ #.j$ c`ײ� _V�AX;s;�*R�Y�G���Y�&�HH�TEetܙ 0�>A,C��7Mt� �`B��E��:Ms�8-!z@z�zλWԴG�+%�5"3`4��JuFt)D`�~�؇^gm/ JzX+*5 (K^3�b�RD��iƱ�4;D WI4b+��\W�.Vٸ�@İ/wy�U-'eA0�RIpg=HY:Vߺs�lʴ.>yr
5rAp'2A g ,[;A?]S3ѰdNsL}oRU�4�gJ�B��v�i7O�UX�2�1�y-0�e
5v�VCi�z ��l䔻%�
"8&K�G?.zCd�DryZ+�_�lV@a9L6k\rR)U��
R=cx�864>u'Si
lm[Q
��F<�H�SJ!OdP��H�z9$2� SecxX�*y�0wJ_8�kA~�f^X)c=+@,JPG�z=͠1�pU
Fnu1H>rc5b dri#ZMbZ*BB'a�CJN��MFmymP3[-!J8�ӛ}N,@ n|G!�T�%�BG8�q�{/;C7�")O@^82Zik.[Œ�4H]4 �1cfa2N4Kۄ*풦I,G� �b
�U!w�� 4&ZQRjOCsw@\z̼tDqh2)i*)bZ7D_L7 xE8D�C���`t>�X86�a
c�Pҟۆ �˕~7?l)ɡH�HD�>DWF{y¡�;QXk�\'���ڿ�
�����$�/Ix4�S"��:Al�zg]Itm??"EŞuYs��p�{fnt��+19owޝ{~cq m2
}U\:"c�n�ZR߅Ӹoٷ���!�K1Nc�bwmɾW2z^^7[;a
.gKV@ɁUN~Rl\/~v/71\dcxdF1ACԼ輻:b<*���ݼ o=n6<M"dF�k�܃a+W�f@ toZ�N,��XMR! }%2��>Cՠka')-�
�*vjRZz]XgUH.~k�ƇWhqb��x7~@0E�;䈜|){~R90kd{T̴jRjs2fW4}BƋ=ف9i֦�~t� �c
[ ~]�
js7_InMz2*
uiW8�8yY"�'�T3m�b�iuUO�
i^}ꟃ�&'mX_ |1�$?T-�н�>�u?�z}l^ﯣ&�<0�Yz$ACvo~䄜7A;z_7Ş`6tͥV<�'i?{¹"CWq�[:�`)]$�XH�!Hn
e_."+2gNIɅ^t92�X%x�7YM��(fh,�yi99�Q35Ӈ�|4Pϣ�|�k~<ϸ�
]ek��
)��O}�Yj}E.]9n㚨�p;D�98E^]8V�䑼D�qD%��t`�
v�U��mr5O�x��Z�~D� RbN�UN���i���j*Όs�$��gr0
= l�;�m�ݭn \� ?#B��;BJ��[4��2�]Cn�?�u�k=Ǵ
,Gi��pqVԱ�Q*/���6oN{kA�|;-e�\1Z*%~a�l�֒[0s,BH��LV&��(
�zГqk+\<ъO�m1-}�OF`l�{4E��gL`d_|`ɤ˝^^1�'�/_z��9EG�^M� `L~cےXR3H��BESg:�,F='O���L|@fo<�o=P<
{M��ڶ:&K#r;��w7�jӣ/?��TƀSg�i�ilO]˙SJ痹.M#$W�鑰4LQL�p~ !�s{Y�uQ�71#F� 4�%-̍�К[8&@/uy/ǝm'Fo6�S�m>�72dg@b ă)tX�����9i)�@8NMB��p1�"%��:u2l`d��w[&
M\bY�*n{cg3:8c:&B�zƑP3v�cIo,3´�vL=c>���%n�xf$AK|T�7�19*v�oW\H��Y��&�qqbyehL�Z^-'&W-�gYѕh[oޠ�V�ȮZ�,��BH�{
$��(aPM�%�R@^ TtoXf#�TLj,U��!嬟V59Ԓ�Y:�y-~s�tZ�(:�?�w@�u<��U�V� Ȯ6?$ȅGw>Sj!T̄Hy4"�*?+l+�TI=|A|�ߵ鱮{RUbQ}I�#`"=7͖JJ\ʠ;�.V\%�\d9EjC]ءNt(�ʒZږNKTN�Ђ1Ũ|H7lC�i
=��tjAX!lXa�`;�H"$�bQ�^䅉gOp?��ۑ��ERےaɰK��D��cR".�? ҂�y]"�e�c
�D
�I)HJe[R(?D
�vޛ�8qgX;w�e �6_z9K7mgGg!nIf`E~>rqÎhH�l9oٌ
w/��:gQ�)l-̑Km�@PI<��ZRZm:�rķ�?�ml��71��M8ʼ�=;B=#��k15~7~7~7~7psaE)UBPn&h#�#
@TӅ�1t>eKū9ׁ%Q@غU�'�?77ib}}CP)M�T/�])Lg���w=^4!,Ӡ��M�a5�~JךG0��5|kցk}l@V2̘EIX`}f 88υ(v�nlW[�cǬU�t~2�m��Ӈ=38s3��Z
!7-��tA�/f�1hێmom�L�
mz�gf��:3@M36T ^�Xm_ބo7�<6Al�Yw҅yG%M��%Ԋ5!XhDyy�5SUi-tLGDE:q�ihl��PbUZ?mXZlyI9=r2cTܵ�0�Gx8q�Z{n_iG[7�z���;jZƇHr=�sb��ş-�g3mx)զ��%)o5$�.ž�&� �'5O�73cXy���XsP if5��N�d4.{}�m+
`|F0��-c�l�!(*U=i��ȊkٵqdyN{��uV.�J$&�Y{-l;�[�y{�©Yj:<J�E�`���+┱fne�@�93?U��H4T�"G�GKɻ��r�z@�Q@
sƫ�d5XOq/Yn/pQmuӠ2/�
Z�od=I��I3m'f)Zbz8S[�~�xv1�B14���B��O5s؉�Tφ~SY0#D�<$,BR��
�j�`ڀO;��_ j~Zt(oԍ9V�@ǵfc/QJC�gȵAc2`�A뽰��0.$,f,V6Y`iVO3�/0q_n]OxٗL�G�v�{у%'s:^{&TXTC�1(AƵH�?H��G@M�r~�D
�Ɲ@ #U��[+$? o�tX)aw�Ƕ=/|AFc`�5BwK�$5d�&��BaD0DtI
rซa�#�ʱ,q�?DYD6�q.|�سM e9LٽܕŤ�=BH�4'~CX�^fQ<0"}B~6#eT[QR],/��T-tSDVj�9��"�'"��7f"TX0�p�DYdbɠ1=���^,iLxSZ�z�/lsq̩,,
^4�J11ǜS@jPYOQ.��]ZˣXuZ.�{<�&f@]���&|�-E(�([^�3H�uP��Q�RUP*$Ai�>&Ũ�tWbjƆX5�0��zZ3XvX5^��ڹArX+ ~Kmy�5�Jr�%�M67�Z}#�T8
3pB�KY��cLcPN��A�~8b�_j���~OR.mgE*j�@4�`C"NhR$2֣VV߱Z,Jvwk1�7}yJM-TZI�ܣz ��l��Ǟ�S�Q�z_c<0sP="�QGl�F^.b�y[9i�n߰UX�l|� �pv+cUm5ݵXMc���zit3!Gi �,^i=o�
;� m5H`#EvNgvx
�H
��frj73>ѽ^��3B{sl^9~K:hO���)�
ʹG[Vj湐�.04&0$9
@\5��m0hi�Dsnj̏XJ0_]�z!|�#�#�oEigJ�#|�bx7�@�vͲ"f63ZMikxw4(_�S�S?+c
مD�x�b1bV�զɝ$��a�zg�:U��ڿG!gV}8
hMl7}�|W:�g|'OҥfZ,NEN�l5aT0�|L]=n�mxX8T��DvM�ɻ�h�:���hTLu
#���m{=^zLfRO�< ��N��9�cǝ�I��RG�$y'-bW�d"$@���>'�_�Ѿm#=4;�}ۻh�ZxX�2�嵉Dp@9�țF[@�Ӡp̋�
36g<�>)@vQY�k��j��n0Os.}j�1;OgC.7L�h[�:�LZ�S4eN;}s+��ƈ\e�Ð�3�[}MŰD�Ĥ c�
4F�H[�~�cMV?
li
X���!���a`T�b�E!kiHH�9 y�oyX_|� q@>v;Zj��
�!�1�g昑G)F�|>ך�`@x_�P"Ы8��U.Jge��Y �d����w
j�9�
Q@Ē�v7U+I�F�ͬ�0S�L�\��֘�e��s��?6u�Oe~qt:@�͆S3�g;._�l9t:W��1�&��|^%n��wKM -RyN��]ƒ�$�BѽӜh"_7=}?݉2���}x��И1�wT�0%Tk�L��|�+V0cE)'.�uV2nV?/ .4!W�)WT�h����s##vGC�Ti`�5P }a3bqO4n00�O{C&�'ӛuӽ"'-^d¶V-J-�et[Nן:WU��Oy+Q慶xQ(;KzY�yfzʌTN�\�X]dqx�ixɎ>+b,.6�?
Nb�D0/�* F:���fullťN��_�NEKN�#CE@oAK�e~�5=V0�8���S^}'ݫv�ԼV(ۼ�r�3_3o f}i�(߅nF>Rz}~�pjgB3Y�~Ae�>kwwZF�d�3|'{^F'>�_dծq1?0ˌ_�,�^�~.3s �%e�}^�}^f'U>Bnjs?�##�/3a~2
*`2�f�! _��:>uF��{�{��3/�@_�2#ʇ}�G�BmV>m�B��f_ru��|ּƍ)�IF~98ɠr�EV*SV>l2�!?CU
A/nt3��VLY[lOм�z'ϊ'eFWTC�ﹲ��d^ {Wrr6VD=՞bbM�x{,xlDZJ96�b�a)M]�5,ޜl>܃f
c>s2� #ţ,N
'Hߪ�hĻO�E�ٞ<�辈r�c>v#�_��¸x�&`bAҹ5yhzoqG~|_<ڻsϬuUW��5V��IA6KE>];x߇�ߊD+,x��e��HIZ��͇f>|=xC//x��uv>O?tXjA�i\5/�wmhϦ"diiPͩ)�N(P�"D7�4�\9g)螡�Zȧ/�B
�mqo8c�5c[&:IΝ
JIUKJ�~+jZ�' a��/Ê*+�P#}a`J\�L��3DA�J3
��.3m^d F�5ϡ'�!,�p<@>FJ�] DK(� |@M|6"x1 ͛Y�.�E5/�/� {_A1�B��
�蛹�|��|�{ۈWlr" �_(qf�����L&�ʠbC�a�4%uv[z0��S|w���3@�X&38V�"=7�.@c��dG�!/M)B�~�S�f@+ՃoRs�0� J/nӮG��#K�^,v,Dm���'�Q0Zg~ǵ�e3�@�r=bŇ��"�C�tuy9L"��ģJ\x�;�
n+g·RO4m f9,:w*a5ݸq1|o�#0W��/I�vM'G4wB�w*3Ur6�Bp�s߱iB�
ث
�~Ōз�)%,L$Xm%۹f$ӧ�u'�GsMz9Hzգ}#�/��jc���f\�gHa.x�<�AR�~Q�^Ռ[#|F+��F3qyU�� (pd+D~!-zO-Ř�z LJ @b
C%rvu�>�<}"1b1?0俈x!$�[0/<�~�h=$N�>�:!S1Q1ւ�_�gwcx&%�mY d�v.ychE*6\J��T��$|Cb1G8]x
MAE~%KG
ϻy��H(t��߅ϩf���C ���A{gٺ*عKӘ2L1А8vRCKA#4
ӏ��eh[b ��#&�
X|�w^ة;��qVG��3>ƛ�rx{GkMxWG��Q*ۓ|�?�� o�e�:�з��57d�(Z|�Ӽ94�(N�A")1��PE֧2R8WD
�^)Yb���d횙69qgS@NDv'˫Pvx
Vs6�Na]|˼+Aў(Y�nw0w6L�5#]ZD&+8~mA=ae;,+U�rcxd+�[f�:ePqEX� o'�ᠢ'W%`/��9H�]3`�^)ZuA��1�4��VB
(a��4AL?Q`ɟ=zTqޮ�7(GL}ݴKQ`W�*��n�u�ywD�7(+]y�#�Q1V�ovf$оfp�a�lX�� V|M�7Ϗp�`h2[u�^=-lI12��m�PC�ik5RK�Eq�
sXǼȖwWRڱ!�;r/D?8��@
caL ��;fcJ
,�oԛ'TS*a#�o�*�;A^es�S$��˩Y)��
>}HvdZU�`/63lQ�_zc|>۳z� _jPpP�9˓Z��0����
��9LMhc{p�fa�J)�m!g�#��τ T4}|j}�X�
O!�gw�
Y�-�E�ڋZsR.)C395E� [}�ɦ|NԌnBa��r|��=hL$w�8#�s�93|,/�A,rs*]�_7�Nb�biS�qJzfk��gFk;,O�{(F18yw?Z}ڽ`;{<}%�-9EMBi��B"D�+wl:W�?`*X�8M�]l��Gb�P5]Ө+jE&IL#;ou[�'-�].aT+n� o]�F'e1T�ɜK�BS+$�OY/�VTNdƗZQbn;5�6BJFkl�{6�5��~,~�B(��
|
Network Security & Hardware 
