Malnets booming: Blue Coat
- 15 October, 2012 11:22
Web security and WAN optimisation vendor, Blue Coat, has reported a 200 per cent hike in malnets over the past six months.
In its latest 2012 Malnet Report, Breaking the Vicious Cycle of the Malnet Threat and Botnet Infections, it tracked the evolution of malnets, finding more than 1500 unique malnets (malware networks).
In six months, the number of malnets tripled – from 500 in January 2012 to 1500 in June. Blue Coat estimates that malnets will be responsible for over two-thirds of all Web-based attacks in 2012.
Blue Coat Systems senior malware researcher, Tim van der Horst, said it is a worrying trend because the infrastructures are designed to launch hundreds of simultaneous attacks on unsuspecting users.
“Combatting this malnet threat requires a defence capable of identifying malnet structures and blocking attacks before they can infect the system. Without the right defence in place, users can get pulled into a vicious cycle that perpetuates malnets and spreads infected systems,” he said.
Other findings from the study include:
- Cyber-criminals build an extensive infrastructure comprised of thousands of unique domains, servers and websites that work together to funnel users to a malicious payload.
- Aiding the cyber-criminals in their effort to stalk users is the growing use of Web analytics, visitor tracking and reporting sites. In six months, the percentage of requests nearly doubled. While these sites are often legitimate, this same technology can be used to provide valuable information that helps cyber-criminals more effectively target their attacks.
- Search engines continue to dominate as a key entry point into malnets, representing more 35 per cent of all attacks.
- By exploiting known vulnerabilities, cyber-criminals install malware onto a user’s systems. Often, the malware is a botnet-producing Trojan that will infect the end-user system. It is not uncommon to find multiple botnets being distributed by the same malnet and multiple botnets on the same end-user system.
- For the first nine months of 2012, there were nearly one million requests to command and control servers that were part of the largest malnet on the Internet. These activities perpetuate and self-nurture the malnet that was responsible for luring the user to malware in the first place.
“This vicious cycle makes it impossible to eliminate the botnet threat if you haven’t first solved the malnet problem. Breaking the malnet threat cycle should be the primary focus of the security industry, yet most security solutions are still focused solely on identifying the malware payload rather than the infrastructure that is delivering it,” van der Horst said.