Large Botnet Arrest

arieanna — Mon, 15 Mar 2010 15:00:34 +0000

Spanish police arrested 3 men suspected of being responsible for the world’s largest network of virus-infected computers – the so-called Mariposa botnet. The botnet was made up of nearly 13 million computers across 190 countries. The botnet was rendered inactive in December, with the arrests following.

Out of 13 million computers infected, the chances would be pretty good that many of these computers would reside in a business environment. According to the report, the botnet included PCs inside more than half of the Fortune 1000 companies and more than 40 major banks.

The botnet was designed to steal sensitive information from social media sites and other online email services.

“This is very alarming because it proves how sophisticated and effective malware distribution software has become, empowering relatively unskilled cyber criminals to inflict major damage and financial loss,” – Senior research advisor Pedro Bustamante

The 3 men arrested were all Spanish citizens without records and limited hacking skills. Other arrests may follow.

Via BBC

Small Botnets Are More Dangerous in Enterprises

arieanna — Tue, 13 Oct 2009 15:00:55 +0000

According to a 3-month study of 600 botnets which have infiltrated enterprise networks, bot infections are on the rise in the corporate environment. The research, done by Damballa, indicates that it is small botnets, not large ones, that are the most prevalent in the enterprise environment:

As you can see from the graph above, 57% of the botnets infecting enterprises are considered “small”, which is defined as a botnet with 1-100 active members. However, despite being less well-known, these botnets are potentially more dangerous:

While many people focus on the biggest botnets circulating around the Internet, it appears that the smaller botnets are not only more prevalent within real-life enterprise environments, but that they’re also doing different things. And, in most cases, those “different things” are more dangerous since they’re more specific to the enterprise environment they’re operating within.

The study indicates that many of these small botnets have been created with low-cost or free DIY kits that can be downloaded from the Internet. In most cases, these small botnets are described as “highly-targeted at particular enterprises”, sometimes requiring a degree of familiarity of the breached enterprise. This could indicate an insider threat issue that we previously haven’t seen or talked about. The target data in these small botnets is often professionally managed with financial controller authentication details (for money transfers), customer database and source code being the top targets.

The problem with these small botnets, aside from their very targeted attacks, is that they often evade detection. Though they are small, these botnets are very dangerous! Damballa puts out a product to detect botnets, but I know very little about it. You can do some independent research on your own to determine how your enterprise will try to detect such intrusions.

Via dark reading

The Absolute Blog » botnet

Large Botnet Arrest

Small Botnets Are More Dangerous in Enterprises