Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cloud
    • Cloud
    • Cybersecurity
    • IT Management
    • Networking

    Detecting Botnet Infections Requires Novel Tactics, Constant Monitoring

    By
    Fahmida Y. Rashid
    -
    February 24, 2011
    Share
    Facebook
    Twitter
    Linkedin

      Businesses can defend against botnets by improving their detection skills, training employees to identify infections, and minimizing attack vectors, according to security experts.

      Businesses have to improve their detection skills and not rely on preventive techniques to defend against botnets, Andrew Jaquith, the CTO of Perimeter E-security, said in a Web presentation Feb. 24. Businesses can take a number of steps to defend against botnets, such as proactively analyzing logs to find suspicious activity, but the most important is to realize the traditional defensive technologies will fail to prevent an infection, and to plan accordingly, he said.

      Previously, there was a sense that if a user was infected with malware, it was the user’s fault for going to questionable sites, Jaquith said. That is no longer the case as even mainstream sites can have malicious ads served up by advertising networks. Furthermore, increasingly sophisticated phishing and social-engineering tactics make it difficult to differentiate malicious scams from legitimate messages, he said.

      Infections are quick and stealthy, said Richard Westmoreland, lead security analyst at Perimeter E-security. In a recent incident with a banking customer, it took less than 8 seconds for a computer to be compromised, he said. In that incident, the Mebroot Trojan infected the computer, based on the Neosploit kit, which opened backdoors in the system that allowed it to communicate with the Torpig botnet, Westmoreland said. The user was unaware of the infection and continued to access a number of financial sites and other sensitive information, he said.

      Traditional defenses, such as firewalls and intrusion prevention/detection systems, aren’t effective against the botnet threat because it can’t scan or analyze Web traffic, Jaquith said. Firewalls may be able to keep out some malware, but are entirely ineffective once a system on the network is compromised because it doesn’t scan or filter outbound traffic, allowing the infected system to communicate with the remote command control server, he said.

      Signature-based scanning such as desktop anti-virus and intrusion prevention/detection systems can’t stop zero-day attacks, or examine encrypted traffic, he said. Malware authors also test their kits and malware with several anti-virus programs to ensure they avoid detection.

      Businesses should try to filter Web traffic to as many unknown URLs as possible, said Jaquith. If the user is trying to access a URL that is not recognized by the network security product as falling into a specific category, such as entertainment, news or finance, then businesses “are better off” blocking it, he said.

      “About 90 percent of the traffic goes to the same 100 sites,” he said. Anything else should be dealt with on a case-by-case basis, he said.

      IT teams should minimize attack vectors, such as keeping browsers updated and removing unnecessary plugins, he said.

      Most importantly, senior executives should be held to the same level of security, even if it means having a separate team to ensure the executives are complying, Jaquith said. The security breaches don’t just apply to regular employees, and executives actually “need to be safer than most,” he said.

      Anonymous recently managed to hack into federal security provider HBGary’s systems because the CEO and COO had weak passwords, according to Ars Technica.

      There are three major types of botnets: spam, attack and financial, according to Jaquith. Spam botnets are responsible for the majority of the world’s spam, he said. There are several major spam botnets, including Rustock, Xarvester and Lethic. Symantec’s MessageLabs has noted that in the past the Rustock botnet accounted for as much as 47.5 percent of all spam. Joe Stewart, director of malware research for Dell SecureWorks, called Rustock the most prolific botnet at the recent RSA Conference.

      Financial botnets are customized to steal bank account and credit card information, Jaquith said. Sold as kits, the botnets in this category include Zeus, SpyEye and Torpig, according to Jaquith. He also noted SpyZeus, the new botnet that resulted from the merger of Zeus and Spy and the Zitmo, the botnet targeting mobile devices. The FBI has estimated a Zeus gang stole more than $70 million in 2010.

      The attack botnets are often used in distributed-denial-of-service campaigns, said Jaquith.

      There are a number of vendors with products that claim to scan for and detect botnet activity, including Damballa’s FailSafe, NetWitness Spectrum and HBGary’s Razor appliances. Perimeter E-Security offers information security on its security as a service platform.

      Avatar
      Fahmida Y. Rashid

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Information

      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×