Massive UK and US botnet uncovered

A botnet of nearly two million compromised computers, most of them in the UK and US, has been discovered by web security firm Finjan.

The botnet is notable not just because of its scale, but also the speed with which it was formed and the fact that many government and corporate PCs, as well as consumer devices, were infected.

According to Finjan's chief technology officer, Yuval Ben-Itzhak, the average size of botnets last year was around 500,000 machines.

He said this particular network has only been in use since February this year, controlled by just six people using a server hosted in the Ukraine.

"They managed to infect so many people by compromising legitimate web sites and inserting malware code, so when people visited the sites, their browser was exploited," said Ben-Itzhak.

"They can send commands to each of the [infected computers] recording keystrokes and passwords, and stealing data, and can also use them for sending spam, or for denial-of-service attacks."

He added that only four of the 39 anti-virus scanning tools they tested were unable to detect the malware used to infect the machines in the botnet.

"Our recommendation is to take a multi-layered approach, including traditional anti-virus and real-time content analysis tools to inspect content without a signature, and data leak prevention in and outbound," advised Ben-Itzhak.

He added that web site owners should put in place web application firewalls to minimise the risk of SQL injection and cross-site scripting attacks.

Finjan said it has now provided information about the Ukraine-based command and control server to UK and US law enforcers, and told those government agencies and companies whose computers are infected.

Rik Howard, director of intelligence at managed security services firm iDefense, said the news highlights the fact that some government agencies have the same problems securing their computer systems as commercial organisations.

"In my estimation, government patching cycles are maybe not always as aggressive as commercial organisations, and they may want to consider that," he advised.

"You should also never underestimate the power of the machine that has been offline for a while and hasn't been brought up to speed with patches before it's brought online again."

Howard added that the size of the botnet was somewhat surprising, given that the trend iDefense has observed appears to be of online criminals using smaller networks which are more nimble and harder to detect.

Copyright © v3.co.uk