Although McColo was knocked off the Internet last week due to violations of upstream Internet bandwidth providers' terms of use, the botnet problem continues to escalate as orphaned Srizbi, Rustock, and other botnet PCs attempt to call home to backup C&C infrastructures. In fact, McColo briefly returned to the Internet over the weekend and thousands of Rustock bots were essentially patched and reconnected to a new C&C server in Russia. Detection and prevention remain paramount before the process of reclaiming orphaned Srizbi bots accelerates if/when McColo gets back onto the Internet. Once reclaimed, bots will connect to the new C&C infrastructure and essentially go silent since they will stop the chatter of searching for a live C&C.
"FireEye is dedicated to addressing the growing threats of botnet
FireEye is providing recommendations designed for IT professionals to help them clean Srizbi-infected computers. A summary of these recommendations can be found at the following URL: http://www.fireeye.com/securitycenter/srizbi_notify.html. To learn more about the Srizbi botnet, visit http://blog.fireeye.com.
About the FireEye Solution
The FireEye security appliances and FireEye Malware Analysis & Exchange (MAX) Network service together provide comprehensive anti-malware and anti-botnet protection. FireEye appliances use virtual victim machines to analyze enterprise networks for Web-malware and related bot activities on compromised machines. The FireEye MAX Network is a globally deployed malware discovery and analysis service that provides subscribers with the most current botnet and Web malware intelligence to complement on-premise anti-malware security appliances. It catalogs and disseminates security intelligence such as the inbound attack vector as well as the outbound call-back channels used to steal data. This is all derived from malware
About FireEye, Inc.
FireEye, Inc. is the leader in anti-malware and anti-botnet protection, enabling organizations to protect critical intellectual property, computing resources, and network infrastructure against Web malware and botnet infiltration. Today's most damaging attacks are perpetrated through Web malware that forms into highly organized botnets, or networks of remotely controlled, compromised machines. FireEye delivers a complete solution that is designed from the ground up to detect and protect organizations from advanced Web malware and botnets through global and local intelligence and analysis. The company is backed by Sequoia Capital, Norwest Venture Partners, JAFCO, SVB Capital, DAG Ventures, and Juniper Networks. For more information, contact (408) 321-6300 or email: [email protected]. Visit us at www.FireEye.com.
FireEye is a trademark of FireEye, Inc. All other brands, products, or service names are or may be trademarks or service marks of their respective owners.