Marshal technical consultant Oscar Marquez said the Storm botnet, the network of millions of computers that generated media hysteria in 2007, had already been overtaken by the Mega-D or Mega-Dik 'sexual enhancement' spam botnet in January. Mega-D accounted for 32 per cent of the world's spam in February. The Pushdo or Celebrity botnet, responsible for six per cent of spam, was the most active at sending emails that turned user PCs into zombies, according to Marshal research. For Marquez, the technical sophistication of such botnets is just the beginning.
Gartner's Walls spelled out a more frightening scenario and pointed out giant botnets like Storm had been extremely aggressive and effective, despite vendors' and customers' best efforts. "Are we actually ready to deal with the level of impact these botnets would have if they were working to launch actual attacks?" he asked.
Marquez claimed Marshal's MailMarshal email security and Web gateway product is developed to address the botnet risk. Vendors are also collaborating on botnet defences on a wider scale. Marshal has been approached by vendors, including Symantec, Trend Micro and Arbor Networks, with a view to partnering to address the botnet problem. Trend Micro and Arbor Networks have also begun monitoring and blogging about Mega-D.
WatchGuard's Robertson said proxy-based firewalls - such as its Core Range of 550e, 750e and 1250e appliances bundled with unified threat management (UTM) - can limit botnet attacks. Third-generation, proxy-based firewalls protect all layers and maintain data streams in both directions. They also terminate the time-to-live field in the IP header.
02 BLENDED THREATS
Much of the more sophisticated malware out there today - whether phish, rootkit or trojan - falls into the category of blended threats. 2007 was big for blended threats; expect 2008 to be even bigger.
Trend Micro predicts the number of trojans will grow exponentially this year. In 2007, users saw a renaissance of the attack style - although the more traditional attacks are now better hidden and pack a comparatively powerful payload. "Basically it's about bots - because the Trojans give rise to bots," Biviano said.
WatchGuard's Robertson said blended threats are certainly on the rise as malware increases in complexity and sophistication. The vendor's product is built around a proprietary architecture that investigates packets as they arrive on the network, at seven layers. "We believe you have to look deeper into each packet [to see what might be there]," he said. Awareness had definitely risen but educating users was still top priority when it came to all kinds of security threats. "Education, locally and at an international level, and compliance and more emphasis on information leakage [are what is needed]," Robertson said.