Computer security company FireEye announced on Monday a new strategy for fighting the worsening threat to consumers and businesses posed by botnets.
The company announced its new Botwall appliance, linked to a worldwide intelligence network coupled to local botnet analysis designed to thwart attacks.
FireEye plans to spearhead a new industry alliance bent on cooperation to protect consumers, serviceproviders and corporate networks against botnet-driven attacks, CEO Ashar Aziz told TechNewsWorld.
150 Million and Counting
Experts estimate there are as many as 150 million bot-infected computers around the world and warn thatthe number of bot-compromised computers is rapidly growing. Botnets are made up of infected computers, also known as “zombies,” that form a network of remotely controlled computers used at will by crime groups to perform a variety of illegal activities.
These organizations, which control computers without the owners’ knowledge, function much like a puppeteer controls a puppet with strings. The illegal activities range from stealing users’ identities andconfidential information like bank account numbers and passwords to sending out massive amounts of spam e-mail. They also can conduct DOS (denial of service) attacks, phishing attacks and other illegalactivities.
TechNewsWorld discussed FireEye’s technology and the current state of the global botnet pandemic withAziz.
TechNewsWorld: What is driving the worldwide pandemic of botnet takeovers?
: When the idea of taking over computers began in 2004, when we started FireEye, Slammer and other quickly spreading infections were little more than toys that made the players notorious. But there was a potential for a much more sophisticated attack model. This year that model materialized with far more serious malicious results orchestrated by criminal networks. Now bot masters, those who control the compromised computers, are driven by greed and money.
TechNewsWorld: How has the security industry reacted to the growth of malicious botnets?
: For the most part, the industry developed new versions of the techniques it already was using to fight virus and Trojan infections. Meanwhile, the malicious code writers developed new attack methods and innovative ways to avoid detection by virus scanners. For example, bot code writers learned to lay low and go slow on the machines they infected. Thus, traditional scanning engines couldn’t see them. Ultimately, it became increasingly apparent that the old techniques do not work in defending against botnets.
TechNewsWorld: How many technologies exist today for fighting bots? Is it a one-size-fits-all mentality or are there effective new defensive measures and eradication methods available?
: We’re seeing the industry in general responding the same way. Antivirus vendors doubled their efforts with the two methodologies that existed for fighting viruses. One is the signature-based approach. But bots can change a few bits in a signature so the signature is no longer valid. The other isbehavior-based techniques. Bots can take evasive action to avoid detection.
TechNewsWorld: What specific threats do botnet attacks pose?
: Bots are progressed and now can follow many attack types. One of the earliest was the denial of service attack. The goal was to extort money from a company to forestall disclosure of the data thefts. That was a very primitive model. Authorities could trace the money trail.
TechNewsWorld: So bot attacks have become more malicious?
: Clearly yes. Spam bots command thousands of compromised computers and consume tremendous amounts of bandwidth. Bot masters now lease to the bad guys the legions of compromised computers and corporate networks they command. And the bots can install keylogging programs that steal user identifications and passwords to financial accounts and sensitive corporate data. There is a very large black market that feeds a multi-billion dollar market today.
TechNewsWorld: What other types of threats do botnets pose today?
: Botnets command a huge arsenal of automated clicking activity on e-commerce Web sites. This type of automated click fraud has replaced the human operators paid to repeated click on ad links. Bots are much faster than humans at clicking. This type of fraud is generating from 10 to 20 percent of all clicks on the Internet and is costing virtual merchants and Web advertisers thousands of dollars paid to the crime gangs.
TechNewsWorld: What do you see as the most dangerous attacks by botnets?
: Botnets can target corporate networks to steal sensitive data and cripple the economicstructure. Botnet attacks aimed at corporations are much more effective general phishing attacks to gainID thefts. It’s like fishing in a barrel of water instead of the ocean.
TechNewsWorld: Do you see any political ramifications involving botnets?
: This is perhaps the most dangerous of all botnet threats. Consider what political factions did against the Estonian government. Estonia’s computer infrastructure was taken down completely by acollection of bot networks compromised around the globe over a political dispute. This kind of potentialnational destruction is one of our most pressing threats.
TechNewsWorld: How does FireEye hope to bolster the defenses against the botnet pandemic?
: We can’t fault the existing vendors. Detecting bot infections is a very tough technologicalproblem. It is hard to make more than incremental enhancements in existing technology. It takes a startup company to be able to engineer a solution from the ground up. ISPs are waiting for a new solution. Thelarge ISPs have invested lots of money providing free antivirus protection for their subscribers. The ISPsare waiting for a better solution.
TechNewsWorld: What makes FireEye’s approach different than other security appliances and existing antivirus programs on the market?
: The botnet pandemic is affecting all corners of the globe. What the industry needs iscooperation among governments, consumers, vendors and corporations. We are trying to seed such an alliance and are working to create industry-wide cooperation. We already have agreements with numerous ISPs and large corporations that I can not disclose at this time. We are hoping to work with all security vendors to enable the development of a new ecosystem that will protect consumers and businesses alike.
TechNewsWorld: How will this new approach work?
: Our technology connects a hardware device within a network and is able to react to the global intelligence-gathering appliances we installed on networks of cooperating companies. Our analysis will enable us to track botnet changes in real time and share that information. We can then inject the botmalware into our virtual victim machines and identify the activity in a sandbox environment with a highdegree of precision. This will allow us to block and remove the malware infections.