December 20, 2007 — CSO —
Cybercrime is going upscale. Criminals are not just putting together bigger botnets—more than a million computers in some cases—they are also adopting the principles of modern marketing to get their products onto your users’ computers. This has implications that will be coming soon to thousands of mailboxes near you.
At the center of all this activity are not spammers or phishers, who increasingly outsource the delivery of their e-mail campaigns, but professional botnet herders, most of whom rent out their networks of infected machines through an elaborate underground marketplace.
Where botnets were once more or less a sideline for spammers and phishers, they are now a full-time, tightly focused and highly competitive business. Like any other businesspeople, these professional herders concentrate on improving their products by delivering better service to their customers. Better service, in this case, is defined as slashing through the defenses of even more computers even faster.
These new herders are a lot more agile than those who preceded them. They have discovered that mass, velocity and agility are the keys to this new environment.
Because the botnets are so big, they can send billions of spams or other malware in a week or two. It’s estimated that the August PDF spams involved sending out 5 billion e-mails in two or three weeks. This kind of velocity means that the botnets’ messages can hit billions of inboxes before word filters down about the new threats. What’s more, botnet herders are quick to modify their approach, depending on what seems to be working.
For example, by the time word spread about the PDF spam and most major security companies had released products that could scan PDFs, the herders had already moved on to other attacks, such as phony XLS spreadsheets or invitations to sign up for the Verified by Visa credit card security program. That means new attacks tend to come in waves.
The other major change is an increased use of social engineering. That’s because these scammers still rely on getting the user to visit a malicious website or click on an infected file.
“There are more defenses in place,” says Uriel Maimon, the senior researcher in the office of the chief technology officer for RSA, the security division of EMC. “That means more spam needs to be sent with more variations until it gets through to you.”
“We see more and more of a role for deception in infections,” says Dave Cole, director of security response at Symantec. “You certainly see this with the Storm Trojan, and you have pretty elaborate ruses put into play by the bad guys.”
Data Center Directions Virtual Conference
Attend this free, 100% online event exploring tools and techniques for making your data center deliver for today and tomorrow.
Maximizing Site Visitor Trust Using Extended Validation SSL
Now with Extended Validation (EV) SSL available from VeriSign, you can show your customers that they can trust your site. Learn about EV SSL benefits in the free VeriSign white paper.
- Enterprise Management Associates: Taking the Botnet Threat Seriously
- Fact or Fiction Security Survival Guide: Clearing up Misconceptions, Myths and Mistruths about Security
- The Latest Advancements in SSL Technology
- Maximizing Site Visitor Trust Using Extended Validation SSL
- How to Offer the Strongest SSL Encryption
- Solving Online Credit Fraud Using Device Reputation
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
7th Annual Digital ID World
-
September 8 - 10, 2008Hilton AnaheimRegister now »
Anaheim, California
(ISC)2 members can earn up to 20 CPE Credits
Reference priority code ONLINE and save $800 off the full registration price — attend the program for $995
