16 September 2011

Damballa Threat Report – First Half 2011 (Extract)


The first half of 2011 picks up where 2010 left off – it looks to be another big year for Internet crime with botnets and targeted attacks becoming headline news on an almost weekly basis. This brief report looks at some of the trends identified by Damballa Labs over the first six months of 2011, specifically the threats most regularly encountered and damaging to home users and poorly secured businesses.

Much of this report focuses on botnets and botnet operators. A ‘botnet’ can be defined as a network of infected assets (victim machines) under the remote control of certain criminal botnet operator(s). These operators utilize a specific array of command-and-control (C&C) servers to receive the stolen information and issue malicious instructions to the infected assets. There are often multiple infections per victim as their computer is repeatedly compromised through various criminal campaigns and is subsequently remotely managed by different operators. A specific (in this case ‘named’) botnet is often associated with a certain type or class of malware and has certain characteristics regarding how it communicates, the command-and-control servers used, traffic patterns, etc.

Nearly all the malware associated with these botnets is ‘multi-purpose,’ meaning the malware is capable of obtaining full administrative and remote control over applications on the victim machine. The malware families used by criminals for fraud and online crime are often referred to as crimeware. At the direction of the bot operator, crimeware allows the operator to achieve any number of criminal objectives including credential stealing, key logging, opening backdoors to an enterprise network, and user impersonation on the victim machine to conduct fraudulent transactions and gain access to critical business application data. The crimeware component is frequently upgraded or repurposed and, once an asset is infected, access to the victim machine can be ‘rented’ or sold to other criminal operators for a nominal fee. In fact, for the first half of 2011, more than 40% of infected assets were actively communicating with two or more botnet operators.
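The "two or more operators per infected asset" figure above is the kind of statistic a defender can reproduce from their own DNS or proxy logs once C&C domains are mapped to the botnet that uses them. The following is an added example (not Damballa's code or data) that does this over a few constructed resolver log lines and a hypothetical indicator list: it groups C&C lookups by client, collapses several C&C servers of one operator into a single operator (so an operator's "array of C&C servers" is not mistaken for several operators), and reports which share of infected assets talks to at least two distinct operators. Domain names, family labels and IP addresses are all constructed placeholders.

```python
from collections import defaultdict
from fractions import Fraction

# Constructed C&C indicator list: domain -> botnet family/operator label.
# Hypothetical names; nothing here comes from the report.
CNC_INDICATORS = {
    "cnc-a.example": "family-a",
    "cnc-a2.example": "family-a",   # a second C&C server of the same operator
    "cnc-b.example": "family-b",
    "cnc-c.example": "family-c",
}

# Constructed DNS resolver log: "<timestamp> <client-ip> <queried-domain>"
SAMPLE_LOG = """\
2011-03-01T10:00:01Z 10.0.0.5 cnc-a.example
2011-03-01T10:00:02Z 10.0.0.5 www.example
2011-03-01T10:05:00Z 10.0.0.5 cnc-b.example
2011-03-01T10:06:00Z 10.0.0.7 cnc-a.example
2011-03-01T10:07:00Z 10.0.0.7 cnc-a2.example.
2011-03-01T10:08:00Z 10.0.0.9 cnc-c.example
2011-03-01T10:09:00Z 10.0.0.9 CNC-B.example
2011-03-01T10:10:00Z 10.0.0.11 mail.example
"""


def parse_log(text):
    """Turn log text into (timestamp, client, domain) tuples.

    Malformed lines are skipped; domains are lower-cased and a trailing
    dot (FQDN form) is removed so they match the indicator list.
    """
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        ts, client, domain = parts
        events.append((ts, client, domain.lower().rstrip(".")))
    return events


def operators_per_asset(events, indicators=CNC_INDICATORS):
    """Map each client that contacted a known C&C to the set of operators it spoke to.

    Clients with no C&C contact are not included: they are not 'infected assets'
    for the purposes of the statistic.
    """
    seen = defaultdict(set)
    for _ts, client, domain in events:
        family = indicators.get(domain)
        if family is not None:
            seen[client].add(family)
    return dict(seen)


def multi_operator_share(per_asset):
    """Fraction of infected assets talking to two or more distinct operators."""
    if not per_asset:
        return Fraction(0)
    multi = sum(1 for fams in per_asset.values() if len(fams) >= 2)
    return Fraction(multi, len(per_asset))


def report(text=SAMPLE_LOG):
    """Summarise the log: per-asset operators and the multi-operator share."""
    per_asset = operators_per_asset(parse_log(text))
    return per_asset, multi_operator_share(per_asset)


if __name__ == "__main__":
    assets, share = report()
    for client, families in sorted(assets.items()):
        print(client, sorted(families))
    print("share of infected assets with >= 2 operators:", share)
```

On the constructed log, 10.0.0.7 contacts two C&C servers but only one operator, so it counts as single-operator; 10.0.0.5 and 10.0.0.9 each reach two operators, giving a share of 2/3. Assets in the multi-operator group are the ones where the text's "rented or sold" access is most plausible, and are a sensible first priority for reimaging rather than spot cleaning.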

This report:

  •  Reveals The Top 10 Largest Botnets in the first half of 2011
  •  Discusses operator and malware trends
  •  Identifies the Top 10 Most Abused TLDs (top level domains)
  •  Provides a first-ever assessment of mobile malware C&C activity
