Trend Micro to kick butt on botnets

BASE thinking

Trend Micro has declared war on botnets, opening a zombie PC pest control service for ISPs and other big network providers.

The security software firm's weapon of choice uses in-house-developed software called the Behavioral Analysis Security Engine (BASE). This is bundled with a hardware appliance and per-seat pricing to form the InterCloud Security Service (ISS). A team of Trend Micro researchers identifies botnets for this service.

ISS goes live in Q4 and will have some as-yet-unnamed first-day customers trading up from the beta program, Trend says. Pricing is not on the table at the time of writing.

According to Trend's CTO, Dave Rand, ISS represents the first phase of a multi-year project for the company. "We expect to kick butt on botnets," he declared today. But he readily acknowledges that the enemy is resourceful and the fight won't be easy.

Botnets are networks of virus-infected PCs under the control of black-hat hackers, also known as botherders or botmasters (hence the term zombie: the infected machines have no independent life of their own). They can be huge, sometimes containing hundreds of thousands of zombies, and are used for nefarious purposes: DDoS attacks, phishing and other spam, gleaning personal data for a spot of identity theft, and click fraud spring immediately to mind. Botnets also clog up internet traffic, causing aggravated headaches and bandwidth charges for the ISPs.

Zombie phone home

The first thing a PC does when compromised is phone home to the botherder, to receive new instructions or to download more software. Almost always, the zombie has to resolve the location of the botherder via DNS, as no sane botherder will live behind a fixed IP address. This handshake between bot and botherder manifests itself in "abnormal communication sequences" that ISS identifies and tracks. When the zombie PC requests a DNS resolution, the ISS hardware appliance can, in real time, ignore, redirect, or block the traffic; which action is taken is predefined by the network administrator.

To fight bots, Trend Micro uses behavioral analysis, an industry first, it claims. This approach, as opposed to, say, looking for the signatures or definitions of known viruses, is easily the best way to handle the mutating versions of malware being released ever more quickly into the wild, it claims. According to Rand, botherders are becoming increasingly sophisticated, releasing code to grab maybe 5,000 PCs and, when they reach that target, throwing the code away, never to use it again. From here it is one small step to changing the code for every 500 computers, or even for every five, he says. "We are fighting people, not technology. This is an arms race. They (the botherders) are going to change, and we are going to have to change in response. It is going to be a long battle."
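As an added illustration of the two ideas above, the DNS phone-home handshake and behavioral (rather than signature-based) detection, here is a small Python model. It is not Trend Micro's code and says nothing about how ISS actually works internally. It assumes a resolver query log in a constructed `timestamp client qname` format, flags client/name pairs that recur at a near-constant interval as a crude "abnormal communication sequence", and then applies an administrator-defined ignore/redirect/block action per domain, the way the article describes the appliance's predefined actions. The log lines, domain names, sinkhole address, policy table and the jitter threshold are all constructed for the example.

```python
"""Toy model of resolver-side botnet detection and policy enforcement.

Assumed log format (constructed for this example): "<epoch> <client> <qname>".
Behavioral check: a client that looks up the same name at a near-constant
interval is treated as beaconing, regardless of whether the name is known.
Policy: an administrator-defined action per domain (or parent zone).
"""
from collections import defaultdict
from dataclasses import dataclass
import re
import statistics

# Constructed sample resolver log; 10.0.0.7 beacons roughly every 60 s.
SAMPLE_LOG = """\
1720000000 10.0.0.5 www.example.org
1720000001 10.0.0.7 c2.evil.example
1720000061 10.0.0.7 c2.evil.example
1720000120 10.0.0.7 c2.evil.example
1720000181 10.0.0.7 c2.evil.example
1720000300 10.0.0.5 mail.example.org
1720000305 10.0.0.9 known-bad.example
this line is malformed and must be skipped
"""

LINE_RE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)$")

# Constructed policy table; in the article this is set by the network admin.
POLICY = {
    "known-bad.example": "block",     # answer NXDOMAIN
    "c2.evil.example": "redirect",    # answer with a sinkhole address
}
SINKHOLE = "192.0.2.1"  # TEST-NET-1 documentation address, used as a placeholder


@dataclass(frozen=True)
class Query:
    ts: int
    client: str
    qname: str


def parse_log(text):
    """Parse log lines into Query records, skipping malformed lines."""
    queries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        queries.append(Query(int(m.group(1)), m.group(2),
                             m.group(3).lower().rstrip(".")))
    return queries


def find_beacons(queries, min_queries=4, max_jitter=0.2):
    """Return {(client, qname): mean_interval_seconds} for pairs whose
    successive lookups recur with low relative jitter (pstdev / mean)."""
    series = defaultdict(list)
    for q in queries:
        series[(q.client, q.qname)].append(q.ts)
    beacons = {}
    for key, stamps in series.items():
        if len(stamps) < min_queries:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        if mean > 0 and statistics.pstdev(gaps) / mean <= max_jitter:
            beacons[key] = mean
    return beacons


def resolve_action(qname, policy=POLICY):
    """Look the name up in the policy, walking up to parent zones so an
    entry for 'evil.example' would also cover 'c2.evil.example'."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        action = policy.get(".".join(labels[i:]))
        if action:
            return action
    return "ignore"


def apply_policy(query, policy=POLICY):
    """Produce the resolver's decision for one query."""
    action = resolve_action(query.qname, policy)
    if action == "block":
        return {"action": "block", "rcode": "NXDOMAIN", "answer": None}
    if action == "redirect":
        return {"action": "redirect", "rcode": "NOERROR", "answer": SINKHOLE}
    return {"action": "ignore", "rcode": "NOERROR", "answer": "upstream"}


def analyse(text):
    """Run both stages over a log and return (beacons, per-query decisions)."""
    queries = parse_log(text)
    return find_beacons(queries), [apply_policy(q) for q in queries]


if __name__ == "__main__":
    beacons, decisions = analyse(SAMPLE_LOG)
    for (client, name), interval in beacons.items():
        print(f"beacon: {client} -> {name} every ~{interval:.0f}s")
    for q, d in zip(parse_log(SAMPLE_LOG), decisions):
        print(f"{q.client} {q.qname}: {d['action']} ({d['rcode']})")
```

The beacon check is deliberately independent of the policy table: it is the behavioral stage, so a previously unseen name that a host polls on a schedule is still surfaced for a human to look at, while the policy stage is where the administrator's ignore/redirect/block choice is enforced. A real deployment would tune `min_queries` and `max_jitter` against its own traffic, since legitimate software (update checkers, mail clients) also polls on a timer.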

The internet industry is under pressure to do something about botnets. Last year the FTC joined a group of 35 government agencies worldwide in launching Operation Spam Zombie, a campaign urging ISPs to identify and quarantine customers whose PCs had been infected.

Identification is not the problem; quarantine and repair are different matters, according to Rand. His company has alerted a French ISP to a 500,000-strong botnet, from which five zombies a day are being removed. "At this rate it will take 271 years to clean up," he notes.

It is all very well calling on ISPs to do something about botnets, but to date the IT security industry has "not given them the tools that they need", he says. So the most common reaction of ISPs to the botnet scourge is the "ostrich approach: put your head in the sand and hope it goes away."

But ISPs should take a more active approach in looking after the security of their customers: "It is not fair for my mother to be looking after the security of her Windows XP PC," he says.

ISPs shouldn't merely do this for the good of the internet; such services can also be a profit center, according to Rand. They could, for instance, identify repeat offenders, people whose PCs are infected often, and advise or insist that they buy anti-virus software online from - guess who?

Trend will also market ISS to enterprises and the public sector. While the vast majority of zombie PCs live in ISP-land, the consequences of infection for corporations and government agencies are much worse. "After all that's where the money [and sensitive information] is," Rand says.

Press release here. ®
