Botnet Myth Hampering Businesses

Gunter Ollmann, Vice President of Research for Damballa, recently stated that several businesses believe in a one-to-one relationship between malware and botnets, i.e. that a particular malware is associated with a particular botnet, and they therefore assume that protection from a specific malware makes them safe, as reported by DarkReading on June 10, 2009. In reality, however, it is the other way round.

Ollmann added that organizations, having discovered the detection technique for an updated Zeus, roll out that detection file to all the hosts on their network. By doing this, they believe that they have safeguarded their network against this botnet. After some days, however, they detect a fresh Zeus infection and are surprised that their detection technique failed.

Zeus is one of the widely popular botnet families, and it can be created with a commercially available "do-it-yourself" malware creation kit. However, Ollmann highlighted, the command and control of all the infections caused by Conficker or Zeus is not in the hands of one particular botnet operator. In fact, botnet operators regularly change the malware family they use to target businesses.

Ollmann further explained that businesses see several media reports of around six million Conficker hosts; however, these infections are not the work of a single botnet operator. Multiple operators are responsible for different variants of Conficker.

Security experts think that this type of misunderstanding regarding botnets has steadily pushed up the rate of botnets in businesses. According to Ollmann, even the networks of several high-profile and eminent technical customers have been found to have 3-7% of their hosts suffering from botnet infections for the past couple of years. Although the figure is small, it is quite significant considering the massive size of these businesses, which have several thousand employees.

Another big reason the botnet problem keeps mounting in business enterprises is that they still lag behind in remediation.

Thus, the best protection against botnets can be attained by ensuring protection at the network level, which is particularly effective in the case of sophisticated botnet attacks.

Related article: Botnet Misuses Google Analytics

» SPAMfighter News - 15-06-2009
