
Botnet experts meet as threat grows for corporations

Even though the notorious Storm Worm may have permanently retreated, as recent reports indicate, the threat that botnets pose to businesses arguably has never been higher.

Enterprises risk major financial loss due to sophisticated networks of compromised computers barreling through their network with the goal of stealing confidential data, said Jose Nazario, manager of security research at Arbor Networks.

"They're finding out they have maybe a few dozen to maybe a couple hundred machines infected," Nazario told SCMagazineUS.com on Tuesday. "Enterprises are worried about data leakage. For them, it's really about that loss of confidentiality. It can cost them a significant amount of money, if a machine that is infected is housing trade secrets or important research."

Nazario was one of nearly 200 researchers, law enforcement officers and academics expected to meet Tuesday at the International Botnet Task Force gathering in Arlington, Va. Formed by Microsoft in 2004, the task force is a think tank that meets twice a year to share information and investigation case studies in a collaborative environment.

The event is closed to the public, and individuals must be vetted to attend, according to Microsoft.

While details that emerge from the meeting of the minds are kept under wraps, the need is clear: Experts estimate hundreds of thousands of computers throughout the world are part of botnets, and the potential impact facing organizations could be devastating.

And that's not to mention the losses that financial services firms, such as banks, are responsible for covering should their customers' PCs become part of a botnet, leading to the loss of account funds.

Bots pose more risk to organizations than targeted malware or worms because the executable can be human controlled while moving from machine to machine, experts said. The user does not need to take any action for a computer to become infected -- most malware writers employ drive-by downloads to silently infect casual web surfers.

And the botnet can fly under the radar because herders increasingly are using tactics such as fast-flux to spread malware and evade detection behind an ever-changing array of IP addresses.

"The bot is really an automated infrastructure," Fengmin Gong, chief security content officer at FireEye, an anti-botnet solutions provider, told SCMagazineUS.com. "Now you are much more efficient."

Meanwhile, botnets may become even more popular thanks to a growing trend that RSA calls fraud-as-a-service. Under this model, individuals who don't belong to an established crime syndicate can get in on the racket, Sean Brady, product marketing manager at RSA, told SCMagazineUS.com.

"The end-fraudster does not need the technical knowledge necessary to create the botnet," Brady said. "It means that almost anybody can play."

Of course, as more enterprise machines come under the control of botnets, the question naturally arises: Will these same companies be held responsible should those compromised machines be used to lob denial-of-service (DoS) attacks or deliver spam?

Carol Baroudi, research director of security at the Aberdeen Group, told SCMagazineUS.com that she sees regulation coming.

"Ultimately I think there's going to be some liability there," she said, likening the situation to merchants being held culpable for data loss. "Why wouldn't the organization with infected machines be held accountable for DoS attacks?"



