Small Fragmented Botnets Capable of Escaping Detection

Security companies F-Secure and Finjan are warning that cyber criminals are breaking their botnet structures into smaller sizes with the idea to launch multiple attacks, which can elude detection more easily.

According to Finjan's Chief Technology Officer Yuval Ben-Itzhak, F-Secure's assertion matches Finjan's own analysis of prevailing trends. Finjan's security trends report of the last quarter highlights that numerous attacks vectors have emerged that increase Trojan infections to create botnets. Vnunet.com published this in news on October 2, 2007.

In fact, there was hardly any new virus during 2006. They were mostly minor variations of the earlier versions, put through the techniques of code obfuscation to appear disguised, Yuval Ben-Itzhak said.

F-Secure believes that virus writers generally work to build botnets as large as possible so that they become more powerful and more valuable when they are hired out to third parties. But lately, researchers have observed that these massive botnets are split into smaller fragments.

Most botnets take commands from IRC (Internet Relay Chat), said Mika Stahlberg of Security Research Programme at F-Secure. Vnunet.com published this in news on September 27, 2007. Stahlberg explained how criminal gangs increasingly attempt to capture botnets that other people run and when they operate a number of smaller botnets, it makes the problem simpler.

Botnet phenomena still largely occur in Europe, according to F-Secure. USA leads the world in phishing and spam offences, while South America produces the largest number of trojans specially designed to seize banking details.

The attention has now shifted to the use of more crimeware toolkits that cause infections more forcefully and easily, said Yuval Ben-Itzhak. As a result, the potential to create botnet from such crimeware-generated infections is considerable.

Yuval Ben-Itzhak has given some figures, which warn that the renting price of botnets for a few hours is as less as $100.

This manner of escaping detection helps criminals to sweep past their fragmented botnets beneath the security radar. They also ensure that the attack hits the intended destination and produce the desired results out of the victims. This, potentially, is a critical phase in the evolution of botnets, Yuval Ben-Itzhak added.

Related article: Small Organizations Too Can Be Hackers’ Target

» SPAMfighter News - 10/17/2007