
Trend Micro to kick butt on botnets

BASE thinking


Trend Micro has declared war on botnets, opening a zombie PC pest control service for ISPs and other big network providers.

The security software firm's weapon of choice is in-house software called the Behavioral Analysis Security Engine (BASE). Bundled with a hardware appliance and sold on per-seat pricing, it forms the InterCloud Security Service (ISS). A team of Trend Micro researchers identifies botnets on the service's behalf.

ISS goes live in Q4 and will have some as yet unnamed first day customers trading up from the beta program, Trend says. Pricing is not on the table at time of writing.

According to Trend's CTO, Dave Rand, ISS represents the first phase of a multi-year project for the company. "We expect to kick butt on botnets," he declared today. But he readily acknowledges that the enemy is resourceful and the fight won't be easy.

Botnets are networks of malware-infected PCs under the control of black hat hackers, also known as botherders or botmasters (hence the term zombie: the machines have no independent life of their own). They can be huge, sometimes containing hundreds of thousands of zombies, and are used for nefarious purposes - DDoS attacks, phishing and other spam, gleaning personal data for a spot of identity theft, and click fraud spring immediately to mind. Botnets also clog up internet traffic, causing aggravated headaches and bandwidth charges for the ISPs.

Zombie phone home

The first thing a freshly compromised PC does is phone home to the botherder, to receive new instructions or to download more software. Almost always, the zombie has to resolve the location of the botherder via DNS - no sane botherder will live behind a fixed IP address. This handshake between bot and botherder manifests itself in "abnormal communication sequences" that ISS identifies and tracks. When the zombie PC requests a DNS resolution, the ISS hardware appliance can in real time either ignore, redirect, or block the traffic - actions that are predefined by the network administrator.

To fight bots, Trend Micro uses behavioral analysis - an industry first, it claims. This approach, as opposed to, say, looking for the signatures or definitions of known viruses, is easily the best way to handle the mutating versions of malware released ever more quickly into the wild, it claims. According to Rand, botherders are becoming increasingly sophisticated, releasing code to grab maybe 5,000 PCs and, when they reach their target, throwing away the code never to use it again. From here it is one small step to change code for every 500 computers, or even for five computers, he says. "We are fighting people, not technology. This is an arms race. They (the botherders) are going to change, and we are going to have to change in response. It is going to be a long battle."
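To make the two preceding paragraphs concrete (DNS-based phone-home detection and the ignore/redirect/block response, and behavioural rather than signature-based analysis), here is a toy detector added to this article. It is not Trend Micro's BASE engine and says nothing about how ISS is actually built; the resolver log lines, the thresholds and the sinkhole address 192.0.2.1 are all constructed for illustration. It looks for two behaviours no signature would catch: a client querying the same name at near-constant intervals (beaconing), and a client burning through many distinct, random-looking names that do not resolve (the NXDOMAIN churn typical of algorithmically generated C2 domains).

```python
import math
from collections import defaultdict

# Constructed sample resolver log (not real traffic). One query per line:
# "<epoch_seconds> <client_ip> <qname> <rcode>"
SAMPLE_LOG = """\
1000 10.0.0.5 www.example.com NOERROR
1001 10.0.0.5 cdn.example.net NOERROR
1005 10.0.0.7 c2-update.evil-example.test NOERROR
1305 10.0.0.7 c2-update.evil-example.test NOERROR
1605 10.0.0.7 c2-update.evil-example.test NOERROR
1905 10.0.0.7 c2-update.evil-example.test NOERROR
2205 10.0.0.7 c2-update.evil-example.test NOERROR
1010 10.0.0.9 xk3q9zpl2.example.test NXDOMAIN
1011 10.0.0.9 p0q7wz1mnb.example.test NXDOMAIN
1012 10.0.0.9 r8v2t4ysk.example.test NXDOMAIN
1013 10.0.0.9 m5j1c9hdqx.example.test NXDOMAIN
1014 10.0.0.9 b7n3f6wzla.example.test NXDOMAIN
1020 10.0.0.5 mail.example.com NOERROR
1700 10.0.0.5 www.example.com NOERROR
"""

SINKHOLE_IP = "192.0.2.1"  # assumed sinkhole address (documentation range)


def parse_log(text):
    """Parse log lines into (timestamp, client, qname, rcode) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, qname, rcode = line.split()
        records.append((int(ts), client, qname.lower().rstrip("."), rcode))
    return records


def find_beacons(records, min_queries=4, max_jitter=0.2):
    """Return {(client, qname): mean_interval} for pairs queried at regular intervals."""
    times = defaultdict(list)
    for ts, client, qname, _ in records:
        times[(client, qname)].append(ts)
    hits = {}
    for key, ts_list in times.items():
        if len(ts_list) < min_queries:
            continue
        ts_list.sort()
        gaps = [b - a for a, b in zip(ts_list, ts_list[1:])]
        mean = sum(gaps) / len(gaps)
        if mean <= 0:
            continue
        # Relative spread of the inter-query gaps: a bot on a timer has almost none.
        if (max(gaps) - min(gaps)) / mean <= max_jitter:
            hits[key] = mean
    return hits


def shannon_entropy(s):
    """Bits of entropy per character of s; random-looking labels score high."""
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def find_nxdomain_churn(records, min_failures=5, min_entropy=3.0):
    """Return {client: [names]} for clients with many distinct, high-entropy NXDOMAINs."""
    failures = defaultdict(set)
    for _, client, qname, rcode in records:
        if rcode == "NXDOMAIN":
            failures[client].add(qname)
    hits = {}
    for client, names in failures.items():
        if len(names) < min_failures:
            continue
        # Score only the leftmost label; the registered suffix is usually legitimate.
        avg_entropy = sum(shannon_entropy(n.split(".")[0]) for n in names) / len(names)
        if avg_entropy >= min_entropy:
            hits[client] = sorted(names)
    return hits


def analyse(text):
    """Run both behavioural checks; return (beacon_domains, quarantined_clients)."""
    records = parse_log(text)
    beacon_domains = {qname for (_, qname) in find_beacons(records)}
    quarantined = set(find_nxdomain_churn(records))
    return beacon_domains, quarantined


def decide(client, qname, beacon_domains, quarantined, sinkhole=SINKHOLE_IP):
    """Apply the admin-defined action to one query: ('block'|'redirect'|'ignore', answer)."""
    name = qname.lower().rstrip(".")
    if client in quarantined:
        return ("block", None)          # drop DNS for a client that is clearly churning
    if name in beacon_domains:
        return ("redirect", sinkhole)   # answer with the sinkhole so the C2 never hears from it
    return ("ignore", None)             # pass the query through untouched


if __name__ == "__main__":
    beacons, quarantined = analyse(SAMPLE_LOG)
    print("beacon domains:", beacons)
    print("quarantined clients:", quarantined)
    print(decide("10.0.0.7", "c2-update.evil-example.test", beacons, quarantined))
```

The redirect action is the interesting one: answering a beacon domain with a sinkhole address both cuts the bot off from its herder and turns every later query for that name into an inventory of infected hosts. The thresholds here are deliberately crude; on a real resolver the beacon check needs to tolerate clock jitter and ignore legitimate pollers such as NTP and software updaters, which is exactly the arms race Rand describes.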

The internet industry is under pressure to do something about botnets. Last year the FTC joined a group of 35 government agencies worldwide in launching Operation Spam Zombie, a campaign urging ISPs to identify and quarantine customers whose PCs had been infected.

Identification is not the problem, but quarantine and repair are different matters, according to Rand. His company has alerted a French ISP to a 500,000-strong botnet: five zombies a day are being removed from the network. "At this rate it will take 271 years to clean-up," he notes.

It is all very well calling on ISPs to do something about botnets, but to date the IT security industry has "not given them the tools that they need", he says. So the most common reaction of ISPs to the botnet scourge is the "ostrich approach: put your head in the sand and hope it goes away."

But ISPs should take a more active approach in looking after the security of their customers: "It is not fair for my mother to be looking after the security of her Windows XP PC," he says.

ISPs shouldn't merely do this for the good of the internet; such services can also be a profit center, according to Rand. They could, for instance, identify repeat offenders, people whose PCs are infected often, and advise or insist that they buy anti-virus software online from - guess who?

Trend will also market ISS to enterprises and the public sector. While the vast majority of zombie PCs live in ISP-land, the consequences of infection for corporations and government agencies are much worse. "After all that's where the money [and sensitive information] is," Rand says.

Press release here. ®


