Trend Micro to kick butt on botnets

BASE thinking

Trend Micro has declared war on botnets, opening a zombie PC pest control service for ISPs and other big network providers.

The security software firm's weapon of choice uses in-house-developed software called the Behavioral Analysis Security Engine (BASE). This is bundled with a hardware appliance and per-seat pricing to form the InterCloud Security Service (ISS). A team of Trend Micro researchers identifies botnets for this service.

ISS goes live in Q4 and will have some as-yet-unnamed first-day customers trading up from the beta program, Trend says. Pricing is not on the table at time of writing.

According to Trend's CTO, Dave Rand, ISS represents the first phase of a multi-year project for the company. "We expect to kick butt on botnets," he declared today. But he readily acknowledges that the enemy is resourceful and the fight won't be easy.

Botnets are networks of virus-infected PCs under the control of black hat hackers, also known as botherders or botmasters (hence the term zombie: the PCs have no independent life of their own). They can be huge, sometimes containing hundreds of thousands of zombies, and are used for nefarious purposes: DDoS attacks, phishing and other spam, gleaning personal data for a spot of identity theft, and click fraud spring immediately to mind. Botnets also clog up internet traffic, causing aggravated headaches and bandwidth charges for the ISPs.

Zombie phone home

The first thing that a PC does when compromised is to phone home to the botherder, to receive new instructions or to download more software. Almost always, the zombie has to resolve the location of the botherder via DNS, as no sane botherder will live behind a fixed IP address. This handshake between bot and botherder manifests itself in "abnormal communication sequences" that ISS identifies and tracks. When the zombie PC requests a DNS resolution, the ISS hardware appliance can, in real time, either ignore, redirect, or block the traffic. These actions are predefined by the network administrator.
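The DNS-stage policy described above, as an added example that is not Trend Micro's code: it applies an administrator-defined ignore, redirect or block action to each query in a resolver log and counts listed lookups per client. The domains, sinkhole address, log format and the meaning given to each action are assumptions.

```python
from collections import Counter

# Constructed policy: rendezvous domains mapped to the action the network
# administrator predefined. The domains and the feed they come from are assumptions.
POLICY = {
    "c2.example.net": "block",
    "update.example.org": "redirect",
    "tracker.example.com": "ignore",
}
SINKHOLE_IP = "192.0.2.53"  # constructed sinkhole (RFC 5737 documentation range)
# Assumed meanings: block -> NXDOMAIN, redirect -> sinkhole, ignore -> resolve but log.
VERDICTS = {"block": "NXDOMAIN", "redirect": SINKHOLE_IP, "ignore": "resolve"}

# Constructed resolver log: timestamp, client IP, query name, query type.
SAMPLE_LOG = [
    "2000-01-01T10:00:01 10.0.0.5 www.example.edu A",
    "2000-01-01T10:00:02 10.0.0.7 irc.c2.example.net A",
    "2000-01-01T10:00:03 10.0.0.7 update.example.org. A",
    "2000-01-01T10:00:04 10.0.0.9 Tracker.Example.COM A",
    "2000-01-01T10:00:05 10.0.0.5 notc2.example.net A",
]

def match_policy(qname):
    """Match qname or any parent domain on label boundaries, never substrings."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in POLICY:
            return candidate, POLICY[candidate]
    return None

def decide(client, qname):
    """Return the filter's decision for one DNS query."""
    hit = match_policy(qname)
    if hit is None:
        return {"client": client, "qname": qname, "verdict": "resolve"}
    listed, action = hit
    return {"client": client, "qname": qname, "listed": listed,
            "action": action, "verdict": VERDICTS[action]}

def process(log_lines):
    """Apply the policy to every query and count listed lookups per client."""
    decisions, suspects = [], Counter()
    for line in log_lines:
        _ts, client, qname, _qtype = line.split()
        decision = decide(client, qname)
        decisions.append(decision)
        if "listed" in decision:
            suspects[client] += 1  # tracked even when the action is "ignore"
    return decisions, suspects
```

The per-client counter is what an ISP would use to pick out repeatedly infected subscribers for quarantine or repair.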

To fight bots, Trend Micro uses behavioral analysis - an industry first, it claims. This approach, as opposed to, say, looking for the signatures or definitions of known viruses, is easily the best way to handle the mutating versions of malware released ever more quickly into the wild, the company says. According to Rand, botherders are becoming increasingly sophisticated, releasing code to grab maybe 5,000 PCs and, when they reach their target, throwing away the code never to use it again. From here it is one small step to change code for every 500 computers, or even for five computers, he says. "We are fighting people, not technology. This is an arms race. They (the botherders) are going to change, and we are going to have to change in response. It is going to be a long battle."

The internet industry is under pressure to do something about botnets. Last year the FTC joined a group of 35 government agencies worldwide in launching Operation Spam Zombie, a campaign urging ISPs to identify and quarantine customers whose PCs had been infected.

Identification is not the problem, but quarantine and repair are different matters, according to Rand. His company has alerted a French ISP to a 500,000-strong botnet: five zombies a day are being removed from the network. "At this rate it will take 271 years to clean up," he notes.

It is all very well calling on ISPs to do something about botnets, but to date the IT security industry has "not given them the tools that they need", he says. So the most common reaction of ISPs to the botnet scourge is the "ostrich approach: put your head in the sand and hope it goes away."

But ISPs should take a more active approach in looking after the security of their customers: "It is not fair for my mother to be looking after the security of her Windows XP PC," he says.

ISPs shouldn't merely do this for the good of the internet; such services can also be a profit center, according to Rand. They could, for instance, identify repeat offenders, people whose PCs are infected often, and advise or insist that they buy anti-virus software online from - guess who?

Trend will also market ISS to enterprises and the public sector. While the vast majority of zombie PCs live in ISP-land, the consequences of infection for corporations and government agencies are much worse. "After all that's where the money [and sensitive information] is," Rand says.

Press release here. ®
