Register

To become a member of ITProPortal Register here.

Already a member? Login here

Please register below. All we need is a valid email address and a password.

Please use a real email address as we need to email you to confirm your account.
Must be at least 6 characters long.

Benefits of joining ITProPortal:

  • Unlimited Access to Special Reports and White Papers
  • Exclusive offers and discounts
  • Free entry to all competitions
  • Access to beta sections of ITProPortal.com

Login to your account



Forgot your password?

Submit
Register
Cancel

Finjan confirms botnet swarms shrinking to avoid detection

Finjan confirms botnet swarms shrinking to avoid detection
  • Digg del.icio.us reddit Facebook

Finjan has confirmed fellow IT security vendor F-Secure's analysis that botnets are getting smaller, as criminals seek to ensure their botnet swarms evade detection.

"F-Secure's assertion is in line with our own trends analysis," said Yuval Ben-Itzhak, the CTO of Finjan.

"Our latest quarterly security trends report that there are numerous new attack vectors that raise the number of Trojan infections that create botnets.

In fact viruses have barely changed over the last year they are usually a slight variation of a previous version which are then disguised using code obfuscation techniques.

The focus has now moved on to the crimeware toolkits that generate the infections more easily and with greater force.

The resultant botnet swarm potential from such infections is significant," he added.

Ben-Itzhak's comments come in the wake of a report from F-Secure that criminal gangs are splitting their botnets into smaller groups in a bid to create a multi-swarm attack that can still escape detection.

These botnets are then rented out, says the IT security vendor, for as little as $100 for a few hours.

"By escaping detection in this way, criminals can effectively fly their rented botnets in under the security radar, and ensure the swarm hits the relevant Web sites with devastating results. This is a potentially serious evolution in the world of botnets. The change in the web security status has proven to be a difficult task to tackle for traditional security companies. The best way to detect modern malicious code is to be able to understand in real-time what the code intends to do, before it does", said Ben-Itzhak.

Finjan offers the following advice for corporate users:

1. Check your vendor’s research capabilities and their ability to provide up-to-date information which is immediately translated into actionable security measures.

2. Examine your egress and ingress data policy to make sure that you cover all known and suspicious sites.

3.Make sure that real-time inspection and protection is added to your web security solution. Chasing the attack vectors after the event is always “too little, too late”, particularly if you get hit by a new Trojan that your security solution does not recognize.

4. Make sure that your security solution is updated to handle new technologies and trends. Security products should protect you from the vulnerabilities rather than just attacks and exploits.

You are reading page 1 of 1
1

Posted by Rukshan Cooray on 03 Oct. 2007

Tags: Spyware, Trojans, Vulnerabilities, Windows