Cyber Security Institute

Thursday, November 17, 2005

Bots slim down to avoid detection

Over the past two years, the average network of bots, or compromised PCs commandeered by remote attackers, has dropped from more than 100,000 to an average of 20,000, Mark Sunner, MessageLabs’s chief technology officer, said during Tuesday’s annual Security Roundtable Webcast.

The move to pint-size botnets helps malicious attackers have more success in delaying detection of their illicit zombie networks, Sunner said.

“When a larger botnet is spreading a virus, it lights up the switchboard of (antivirus) vendors, and they’ll respond in a few hours with a signature to contain the outbreak,” Sunner said.

Two other factors also keep botnets small. First, an increase in the number of hackers hoping to put together networks has made the task of securing zombie computers more competitive, so it is harder for the “bot herder” to amass a larger number of drone computers. Second, home users with high-bandwidth connections, the primary targets of hackers, are taking more steps to secure their computers.

“As botnets get used up, they are blacklisted and less useful for spamming or phishing attacks,” Sunner said. Sunner said that last year his company began noticing that old, worn-out spambots were being resold as potential DoS bots on various sites and forums used by malicious attackers.

Posted on 11/17