Damballa - Small Botnets Pose Big Problems to Enterprises
A research by security firm 'Damballa' indicates that it isn't necessary the largest sized botnets, which are responsible for the greatest threat, pose great threat to corporate data. During an analysis of 600 or more active botents, the firm's research experts found that often small sized infected networks were employed for the more targeted and dangerous attacks.
Damballa states that although massive botnets like Conficker and Rustock are frequently in seen in the news, its study paper released during September 2009 indicates that many organizations become targets of attacks from even less significant threats.
The company's researchers Erik Wu and Gunter Ollmann who tracked down over 600 botnets during three months period found that majority of the networks contained a maximum of 100 nodes. Such smaller botnets accounted for 57% of all available botnets, while those with 101-500 bots -21%, with 500-10,000 bots-17% and those with over 10,000 only 5%, as reported by EWeek on September 29, 2009.
According to Damballa, bot infections occur and escalate in large businesses as well, with the IP address space and hosts of a business, bot-infected from 5-7% in 2008 to 7-9% in 2009.
The researchers state that all the organizations that they surveyed had some time or other, experienced botnet infections wherein the more small-sized, tailored and targeted bot networks contaminated the organizations. In contrast, corporations have gotten extremely well in tackling the bigger attacks, which are made known like Conficker.
Joe Stewart, Researcher at the Counter Threat Unit of SecureWorks, states that those entities which execute targeted attacks are sure to have fewer bot-infected PCs in their botnets compared to those executing non-targeted ones, as reported by DarkReading on September 24, 2009.
In the meantime, Damballa has discovered that attackers found it much easier to capture enormous corporate data with the use of a small sized botnet than any other exploit. Such botnets often relied on well-known "Do-it-Yourself" malware kits such as Zeus and Ivy for contaminating victims' systems, while they operated more automatically compared to the large sized botnets, the company stated.
Related article: Damballa Says, 2008 will be year of Targeted Attacks and Botnet
» SPAMfighter News - 20-10-2009