Risk
3/11/2011
06:19 PM
George V. Hulme
George V. Hulme
Commentary
50%
50%

Botnet Threat: More Visibility Needed

According to a report released by The European Network and Information Security Agency the current ways botnets are measured are lacking - and it just may be hurting the fight against the zombie plague.

According to a report released by The European Network and Information Security Agency the current ways botnets are measured are lacking - and it just may be hurting the fight against the zombie plague.The report, Botnets: Measurement, Detection, Disinfection, and Defence says the fuel behind the success of botnets are threefold: 1) The ease and cost of infecting a user's PC with malware; 2) The profit which can be gained by running a botnet (which is related to the effectiveness of defensive measures against up-and-running botnets), and 3) The probability and severity of criminal sanctions against the perpetrator.

In short, botnets are easy to propagate, highly profitable, and provide operators a low risk of being busted by the authorities. That's the perfect set of market ingredients to bake many, many botnets.

Unfortunately, the 150 page report found that's not likely to change any time soon. That's because current methods used to measure the size of botnets aren't accurate and researchers really don't know how big these networks get. Additionally, the size of the network, the report states, isn't the best way to measure the risk of these things. That's because these networks can't be easily morphed, thereby changing the threat they pose.

Fighting botnets is part technological, part end user awareness, and as the report found, part regulatory and through increased international cooperation. From the report:

• The current legal frameworks of various EU Member States and their national diversity in the context of cybercrime are a key factor in the efficiency of the fight against botnets. The applicability of promising detection and mitigation approaches is also limited through certain conflicts between data protection laws and laws that ensure a secure operation of IT services. Finally, working processes increase the reaction time to the extent that they can be evaded with little effort by criminal individuals, capitalising on the ease with which botnets can be configured. For more information on the legal issues identified in the context of botnets.

• The global botnet threat is best countered by close international cooperation between governments and technically-oriented and legislative institutions. For an efficient supranational mitigation strategy to work, cooperation between stakeholders must be intensified and strengthened by political will and support. In this context, the standardisation of processes for information exchange plays an important role. This includes reports about incidents, identified threats, and evidence against criminal individuals, ideally leading to their arrest, as well as mechanisms for maintaining the confidentiality of shared information and establishing the trustworthiness of its source.

Just as is the case with viruses, spyware, and other types of malware - the battle against botnets is a long haul, and more about managing the risk than it is about defeating it outright.

For my security and technology observations throughout the day, find me on Twitter.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-8893
Published: 2015-01-28
Multiple cross-site scripting (XSS) vulnerabilities in (1) mainpage.jsp and (2) GetImageServlet.img in IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

CVE-2014-8894
Published: 2015-01-28
Open redirect vulnerability in IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the out parameter.

CVE-2014-8895
Published: 2015-01-28
IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allows remote attackers to bypass intended access restrictions and read the image files of arbitrary users via a crafted URL.

CVE-2014-8917
Published: 2015-01-28
Multiple cross-site scripting (XSS) vulnerabilities in (1) dojox/form/resources/uploader.swf (aka upload.swf), (2) dojox/form/resources/fileuploader.swf (aka fileupload.swf), (3) dojox/av/resources/audio.swf, and (4) dojox/av/resources/video.swf in the IBM Dojo Toolkit, as used in IBM Social Media A...

CVE-2014-8920
Published: 2015-01-28
Buffer overflow in the Data Transfer Program in IBM i Access 5770-XE1 5R4, 6.1, and 7.1 on Windows allows local users to gain privileges via unspecified vectors.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
If youíre a security professional, youíve probably been asked many questions about the December attack on Sony. On Jan. 21 at 1pm eastern, you can join a special, one-hour Dark Reading Radio discussion devoted to the Sony hack and the issues that may arise from it.