Botnet Myth Hampering Businesses
Gunter Ollmann, Vice President of Research for Damballa, recently stated that several businesses believe in a one-to-one relation between malware and botnets, i.e. that a particular malware is associated with a particular botnet. They therefore assume that protection from a specific malware makes them safe, as reported by DarkReading on June 10, 2009. In reality, however, it is the other way round.
Ollmann added that organizations, having discovered the detection technique for an updated Zeus, roll out that detection file to all the hosts on their network. By doing this, they believe that they have safeguarded their network against this botnet. After some days, however, they detect a fresh Zeus infection and are surprised at the failure of their detection technique.
Zeus is one of the widely popular botnet families, and it can be created with a commercially available "do-it-yourself" malware creation kit. However, Ollmann highlighted that the command and control of all the infections caused by Conficker or Zeus is not in the hands of a particular botnet operator. In fact, botnet operators regularly change the malware family they use to target businesses.
Ollmann further explained that businesses see several media reports of around six million Conficker hosts; however, these hosts are not the work of a single botnet operator. Multiple operators are responsible for different variants of Conficker.
Security experts think that this type of misunderstanding regarding botnets has steadily pushed up the rate of botnets in businesses. According to Ollmann, even the networks of several high-profile and eminent technical customers have been found to have 3-7% of their hosts suffering from botnet infections over the past couple of years. Although the figure is small, it is quite significant considering the massive size of these businesses, which have several thousand employees.
Another big reason the botnet problem is mounting in business enterprises is that they are still lagging behind in remediation.
Thus, the best protection against botnets can be attained by ensuring protection at the network level, which is particularly effective in the case of sophisticated botnet attacks.
» SPAMfighter News - 15-06-2009