Botnets: 4 Reasons It's Getting Harder to Find and Fight Them

Researchers say vulnerable Web 2.0 applications and peer-to-peer architecture are making it easy for hackers to maintain armies of hijacked computers

"It used to be you could track how a botnet was getting its commands and send out fake commands to take it out," he said. "It's getting a lot harder to do that."

The newer botnets are also better at snuffing out a machine's security controls.

"We're also watching more sophisticated efforts among botnet-building worms to evade detection," Kocher said. "They're more polymorphic, changing from copy to copy. It makes it more difficult for an antivirus author to craft a signature to block it."

3. Popular apps are beyond IT's control
Researchers continue to find that the path of least resistance for bot herders is the variety of applications people use on company machines but outside the control of IT. They use these to pass a variety of sensitive data back and forth, including medical records, financial data and so on.

Security vendor Palo Alto Networks recently released its Spring 2009 Application Usage and Risk Report that reviewed enterprise application use and traffic from more than 60 large organizations across financial services, manufacturing, healthcare, government, retail and education. The assessments, conducted between August and December 2008, represented the behavior of nearly 900,000 users. Among the findings:

  • More than half (57 percent) of the 494 applications found can bypass security infrastructure -- hopping from port to port, using port 80 or port 443. Some examples of these applications include Microsoft SharePoint, Microsoft Groove and a host of software update services (Microsoft Update, Apple Update, Adobe Update), along with end-user applications such as Pandora and Yoics!
  • Proxies that are typically not endorsed by corporate IT (CGIProxy, PHProxy, Hopster) and remote desktop access applications (LogMeIn!, RDP, PCAnywhere) were found 81 percent and 95 percent of time, respectively. Encrypted tunnel applications such as SSH, TOR, GPass, Gbridge, and SwIPe were also found.
  • P2P was found 92 percent of the time, with BitTorrent and Gnutella as the most common of 21 variants found. Browser-based file sharing was found 76 percent of the time with YouSendit! And MediaFire among the most common of the 22 variants.

Collectively, the report said, enterprises spend more than $6 billion annually on firewall, IPS, proxy and URL filtering products. All of these products claim to perform some level of application control. The analysis showed that 100% of the organizations had firewalls and 87 percent also had one or more of these firewall helpers (a proxy, an IPS, URL filtering) -- yet they were unable to exercise control over the application traffic traversing the network.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags botnetssocial networkingsocial engineering

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Bill Brenner

CSO Online
Show Comments

Essentials

Cygnett 2500 ChargeUp Pocket Lightning Portable Power Bank

Learn more >

Mobile

Exec

Budget

TerraCycle Zero Waste Box Pens and Markers Small

Learn more >

Back To Business Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Aysha Strobbe

Microsoft Office 365/HP Spectre x360

Microsoft Office continues to make a student’s life that little bit easier by offering reliable, easy to use, time-saving functionality, while continuing to develop new features that further enhance what is already a formidable collection of applications

Michael Hargreaves

Microsoft Office 365/Dell XPS 15 2-in-1

I’d recommend a Dell XPS 15 2-in-1 and the new Windows 10 to anyone who needs to get serious work done (before you kick back on your couch with your favourite Netflix show.)

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Cathy Giles

Brother MFC-L8900CDW

The Brother MFC-L8900CDW is an absolute stand out. I struggle to fault it.

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?