Symantec warns of stealth command-and-control channels


nsane.forums

Botnet herders likely to use steganography to avoid detection

Cyber criminals are expected to change the way they control botnets next year in order to escape detection and make malware attacks and spam campaigns even harder to prevent, according to the latest research from Symantec Hosted Services.

The firm's MessageLabs Intelligence: 2010 Annual Security Report highlights the growing threats to companies that have arisen over the past 12 months.

The annual average global spam rate in 2010 was 89.1 per cent, an increase of 1.4 per cent on 2009, peaking in August at 92.2 per cent.

In addition, 339 different malware strains identified in malicious emails were blocked, which is more than a hundredfold increase over 2009, while the average number of new malicious web sites blocked each day rose to 3,066 compared to 2,465 for 2009, an increase of 24.3 per cent.

Most malicious sites spotted were compromised legitimate domains.

Against this backdrop, Symantec Hosted Services senior analyst Paul Wood argued that cyber criminals will soon look to overcome one of the key technical weaknesses in their botnets, namely the command-and-control channels, which rely on ISP hosting.

"We expect to see botnets adjust their command-and-control channels because it is still a weakness in the system," he said.

"They will move towards steganography as a technique because currently they can be seen via an intrusion detection system."

Steganography involves hiding the command code "in plain view", perhaps in image or music files on social networking sites, thus removing the need to rely on an ISP and lowering the chance of discovery, Wood explained.

The technique has been virtually unheard of before now, although research from Arbor Networks last year uncovered one instance of Twitter being used for command-and-control purposes.

The report also warned that cyber criminals could target fewer, larger legitimate sites in order to plant malicious code for drive-by attacks, possibly by targeting employees at the relevant companies.
