The Internet is rife with scary stuff. People are becoming increasingly aware of the bad junk that can happen and are taking the proper precautions to arm themselves, whether it’s from a bad e-mail attachment or visiting a bum site. Despite the known rubbish out there, new threats become available, and as if malware wasn’t enough of a problem, now we have botnets.
Botnets are superior to a traditional Trojan virus because instead of one malicious code, you’re dealing with a system of computers that are controlled by an attacker. Consider it like an army of zombies; once one computer gets the bot infection, it talks to the other bots and what you have is a perfect scenario of a distributed denial-of-service (DDoS) attack.
Right now, we’re seeing what is known as P2P botnets which use peer-to-peer networks to control compromised machines. The more widely known P2P botnets come with the fancy monikers Zeus and Spyeye. Zeus was created to infect PCs and then use keyloggers to obtain usernames and passwords from those computers. The information is then sent "back home" to the two aforementioned servers.
According to Plixer, a provider of NetFlow, Zeus was easy to find with blacklisting technology. But Zeus variants have evolved to the point of not needing C2, or command and control systems, which are central points used for the control of botnets. Instead, these botnets use P2P technology to “download configuration data and commands as obtaining the C2 IP to upload stolen information to the attacker.”
From there, it can do a lot of bad things. It can exploit your computer, install its loader, release the bad stuff, steal your logins and other sensitive information and from there, make money off of your information.
The good news is you can arm yourself before this mess even begins by using flow analytics. Plixer’s Scrutinizer does exactly what the name implies; it scrutinizes the flow of the network (NetFlow) and provides real-time updates on the traffic coming through.
With the right NetFlow solution, users can obtain an in-depth network visibility required to detect and mitigate a wide range of security issues. Security teams can gain in-depth visibility to better investigate and take action against these types of low and slow attacks, which often evade antivirus, firewalls and IDS deployments.
With Scrutinizer, there’s the added benefit of reporting and alarming on internal network SYN, NULL, FIN, XMAS scans, and it runs the gamut on known compromised internet hosts, APTs and DDoS attacks.
While botnets are out there and seem to be ever evolving, leveraging flow data can help provide detailed, comprehensive network visibility, making it easier to investigate and mitigate anomalous behaviors that could signify a serious attack.
Want to learn more about the latest in communications and technology? Then be sure to attend ITEXPO Miami 2013, Jan 29- Feb. 1 in Miami, Florida. Stay in touch with everything happening at ITEXPO (News - Alert). Follow us on Twitter.
Edited by Jamie Epstein