Trend Micro to kick butt on botnets

BASE thinking

Trend Micro has declared war on botnets, opening a zombie PC pest control service for ISPs and other big network providers.

The security software firm's weapon of choice uses in-house-developed software called the Behavioral Analysis Security Engine (BASE). This is bundled with a hardware appliance and per-seat pricing to form the InterCloud Security Service (ISS). A team of Trend Micro researchers identifies botnets for this service.

ISS goes live in Q4 and will have some as yet unnamed first day customers trading up from the beta program, Trend says. Pricing is not on the table at time of writing.

According to Trend's CTO, Dave Rand, ISS represents the first phase of a multi-year project for the company. "We expect to kick butt on botnets," he declared today. But he readily acknowledges that the enemy is resourceful and the fight won't be easy.

Botnets are networks of virus-infected PCs (zombies, so called because they have no independent life of their own) under the control of black hat hackers, also known as botherders or botmasters. They can be huge, sometimes containing hundreds of thousands of zombies, and are used for nefarious purposes - DDoS attacks, phishing and other spam, gleaning personal data for a spot of identity theft, and click fraud spring immediately to mind. Botnets also clog up internet traffic, causing aggravated headaches and bandwidth charges for the ISPs.

Zombie phone home

The first thing that a PC does when compromised is to phone home to the botherder, to receive new instructions or to download more software. Almost always, the zombie has to resolve the location of the botherder via DNS - as no sane botherder will live behind a fixed IP address. This handshake between bot and botherder manifests itself in "abnormal communication sequences" that ISS identifies and tracks. When the zombie PC requests a DNS resolution, the ISS hardware appliance can in real time either ignore, redirect, or block the traffic - actions that are predefined by the network administrator.
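As an added illustration (not Trend Micro's code and not part of the article), here is a small Python policy filter that applies the three administrator-defined actions described above to a constructed DNS query log and tallies policy hits per client; the domains, log line format, sinkhole address and the "ignore means pass through but count it" reading are assumptions.

```python
import re
from collections import Counter
# Constructed policy (not Trend Micro's): domain -> one of the three
# admin-defined actions the article lists; subdomains inherit a parent's entry.
POLICY = {
    "c2.example.invalid": "block",         # refuse the lookup outright
    "update.example.invalid": "redirect",  # answer with a sinkhole address
    "watch.example.invalid": "ignore",     # answer normally, but log the hit
}
SINKHOLE_IP = "192.0.2.1"  # RFC 5737 documentation address, placeholder only
# Constructed resolver log line format: "<ts> client <ip> query <name> <type>"
LOG_RE = re.compile(r"^(\S+) client ([\d.]+) query (\S+) (A|AAAA)$")
def policy_for(qname):
    # Match the exact name first, then each parent, so a.b.c inherits b.c.
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        action = POLICY.get(".".join(labels[i:]))
        if action:
            return action
    return "allow"

def resolve_decision(qname):
    # What the appliance should answer for this query under the policy.
    action = policy_for(qname)
    if action == "block":
        return {"action": action, "rcode": "REFUSED"}
    if action == "redirect":
        return {"action": action, "rcode": "NOERROR", "answer": SINKHOLE_IP}
    return {"action": action, "rcode": "NOERROR"}  # ignore/allow: real answer

def process_log(lines, repeat_threshold=2):
    # Apply the policy per logged query and count policy hits per client.
    decisions, hits = [], Counter()
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # malformed line: skip rather than guess
        _ts, src, qname, _qtype = m.groups()
        d = resolve_decision(qname)
        decisions.append((src, qname.rstrip(".").lower(), d["action"]))
        if d["action"] != "allow":
            hits[src] += 1
    repeat = sorted(ip for ip, n in hits.items() if n >= repeat_threshold)
    return decisions, repeat
SAMPLE_LOG = [  # constructed sample lines, not real traffic
    "10:00:01 client 10.0.0.5 query c2.example.invalid A",
    "10:00:02 client 10.0.0.5 query cdn.update.example.invalid. A",
    "10:00:03 client 10.0.0.9 query watch.example.invalid A",
    "10:00:04 client 10.0.0.9 query www.example.org A",
    "not a resolver line",
]
```

Clients that cross `repeat_threshold` are the "repeat offenders" an ISP would want to contact; the malformed fifth line is skipped rather than misclassified.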

To fight bots, Trend Micro uses behavioral analysis - an industry first, it claims. This approach, as opposed to, say, looking for the signatures or definitions of known viruses, is easily the best way to handle the mutating versions of malware released ever more quickly into the wild, it claims. According to Rand, botherders are becoming increasingly sophisticated, releasing code to grab maybe 5,000 PCs and, when they reach their target, throwing away the code never to use it again. From here it is one small step to change code for every 500 computers, or even for five computers, he says. "We are fighting people, not technology. This is an arms race. They (the botherders) are going to change, and we are going to have to change in response. It is going to be a long battle."

The internet industry is under pressure to do something about botnets. Last year the FTC joined a group of 35 government agencies worldwide in launching Operation Spam Zombie, a campaign urging ISPs to identify and quarantine customers whose PCs had been infected.

Identification is not the problem, but quarantine and repair are different matters, according to Rand. His company has alerted a French ISP to a 500,000-strong botnet: five zombies a day are being removed from the network. "At this rate it will take 271 years to clean up," he notes.

It is all very well calling on ISPs to do something about botnets, but to date the IT security industry has "not given them the tools that they need", he says. So the most common reaction of ISPs to the botnet scourge is the "ostrich approach: put your head in the sand and hope it goes away."

But ISPs should take a more active approach in looking after the security of their customers: "It is not fair for my mother to be looking after the security of her Windows XP PC," he says.

ISPs shouldn't merely do this for the good of the internet; such services can also be a profit center, according to Rand. They could, for instance, identify repeat offenders, people whose PCs are infected often, and advise or insist that they buy anti-virus software online from - guess who?

Trend will also market ISS to enterprises and the public sector. While the vast majority of zombie PCs live in ISP-land, the consequences of infection for corporations and government agencies are much worse. "After all that's where the money [and sensitive information] is," Rand says.

Press release here. ®
