
Spam Bots Concentrating but Anti-Bot Options Increasing

Bots have become a main tool of cybercrime for generating spam, launching denial of service attacks, and stealing information. A couple of stories out recently look at the role of bots in spamming and the emergence of new anti-bot technologies.


Dark Reading reports on the results of a forthcoming story on the top spam-generating botnets and finds that 85% of all spam is coming from only six botnets:

Of the six top-spamming botnets Marshal will reveal next week -- Srizbi, Rustock, Mega-D, Hacktool.spammer, Pushdo, and Storm -- the infamous Mega-D and Storm are low on the totem pole. Srizbi is leading the pack, sending 40 percent of spam; Rustock, 21 percent; Mega-D, 9 percent; Hacktool.spammer, 8 percent; Pushdo, 6 percent; and Storm, only about 2 percent.

On the other side of the bot spectrum, eWeek takes a look at anti-bot software. Noting that AV companies haven't provided the tools needed to adequately address bots, the article quotes the co-director of the Stanford Computer Security Lab, John Mitchell:


"Current technologies are slow to adapt," Mitchell said, suggesting there's a legitimate need for newer, more powerful products capable of disrupting botnet activities.

This is translating into startup funding:

venture capitalists are now pouring money into startups with technology promising to find and eradicate backdoor Trojans, keystroke loggers and stealth rootkits.

Some are arguing that the AV companies have dropped the ball:

This does not sit well with Andrew Jaquith, an analyst with The Yankee Group. "It's not a good thing that security products are failing and not catching all the threats. The fact that there's a perceived market need [for anti-botnet protection] is an indictment of anti-virus companies in general," Jaquith said.

Detecting viruses and detecting operational bots are fundamentally different problems. AV could detect the bot installation process, but obviously that isn't happening often enough to effectively disrupt the growth of botnets. Current obfuscation techniques are good enough to avoid AV detection. New techniques are needed, and this is exactly the kind of thing you'd get from a startup. No doubt the AV companies will acquire anti-bot startups and incorporate the technologies into their broad-based suites. (McAfee, one of those AV companies, is the sponsor of this site.) They did it with data loss prevention (DLP) tools; they'll do it again with anti-bot tools.

For more on the latest trends in malware and botnets, check out this podcast.


Dan Sullivan's Bio:

Dan Sullivan is a systems architect with 20 years of IT experience that includes engagements in enterprise security, application design, and systems architecture. His experience includes a broad range of industries, including financial services, manufacturing, government, retail, gas and oil production, power generation, and education. Dan’s security-related project work has ranged from requirements analysis for enterprise information security to designing and implementing security for database applications and enterprise portals. Dan has written about information security and other enterprise information management topics for Business Security Advisor, DM Review, Intelligent Enterprise, and E-Business Advisor. You can contact Dan at: dan_sullivan@realtimepublishers.net