9% of Enterprise Computers are Bot-Infected


« Stopping Malware: ISPs Cutting Off Internet Access to Malware Infected Computers | Main | Antivirus Software's Role in Preventing Identity Theft »

09/30/2009



9% of Enterprise Computers are Bot-Infected

Kevin R. Smith
Co-Editor


One of the most common misconceptions about computers in a business environment is that somehow, perhaps because of corporate firewalls, perhaps because of the presence of IT professionals in an office, office computers there are immune to virus, bot, worm, and other malware infection.

There's very much a mistaken attitude of, "It's not like *my* office could get a virus!"

In fact, because office machines are typically connected via high-speed (or even very high speed) Internet connection, they may actually be more prone to these types of infections. Why?

High-speed connections are more desirable for those running the botnets and malware than a single machine on its own cable modem or DSL. Furthermore, once one of these machines that is behind a firewall, even very, very good ones, it's much easier for worms and the like to spread because once their behind the firewall, leaping from machine to machine is far easier than trying to penetrate through the firewall to get to them.

Put another way, once they're in, they're in.

A very interesting article on botnets on darkREADING.com discusses how things are shifting to target enterprises. According to the piece Up to 9% of machines in an enterprise are bot-infected.

What's even more interesting is how the new bots are actually being targeted towards the enterprise.

"The bad guys are also finding that deploying a small botnet inside a targeted organization is a more efficient way of stealing information than deploying a traditional exploit on a specific machine.

"And Ollmann says many of the smaller botnets appear to have more knowledge of the targeted organization as well.

'They are very strongly associated with a lot of insider knowledge...and we see a lot of hands-on command and control with these small botnets.'"

That's just the start, too. What it appears these new botnets are doing often is acting to steal information from the organization.

The article goes on to say, quoting Gunter Ollman further, is

"'I suspect that a sizable percentage of small botnets are those developed by people who understand or are operating inside a business as employees who want to gain remote access to corporate systems, or by criminal entities that have dug deep and gotten insider information on the environment.

"The reason why we know this is the way the malware is constructed -- how it's specific to the host being targeted -- and the types of command and control being used. '

"Bot agents are often hard-coded with the command and control channel" so they can bypass network controls with a user's credentials.'

One of the key things from this piece is that these botnets are actually using users' credentials--their usernames and passwords--on the networks to further penetrate the network and get what they're after.

 While we're definitely fans of firewalls--harware and software--it's clear that there's still need for running the best antivirus software and antispyware that your company can afford to help prevent and ferret out these botnet infestations.

Furthermore, while the article is specifically about hand-crafted bots, there's still risk from traditional garden-variety botnets and other malware threats, and here again, good antivirus firewall software can often serve as a last line of defense, even in the presence of a robust enterprise-grade firewall.

TrackBack

TrackBack URL for this entry:
https://www.typepad.com/services/trackback/6a0133f40d81f4970b01348764910b970c

Listed below are links to weblogs that reference 9% of Enterprise Computers are Bot-Infected :

Comments

You can follow this conversation by subscribing to the comment feed for this post.

The comments to this entry are closed.