07 Dec 2010
Cyber criminals are expected to change the way they control botnets next year in order to escape detection and make malware attacks and spam campaigns even harder to prevent, according to the latest research from Symantec Hosted Services.
The firm's MessageLabs Intelligence: 2010 Annual Security Report highlights the growing threats to companies that have arisen over the past 12 months.
The annual average global spam rate in 2010 was 89.1 per cent, an increase of 1.4 per cent on 2009, peaking in August at 92.2 per cent.
In addition, 339 different malware strains identified in malicious emails were blocked, which is more than a hundredfold increase over 2009, while the average number of new malicious web sites blocked each day rose to 3,066 compared to 2,465 for 2009, an increase of 24.3 per cent.
Most malicious sites spotted were compromised legitimate domains.
With this backdrop, Symantec Hosted Services senior analyst Paul Wood argued that cyber criminals will soon look to overcome one of the key technical weaknesses in their botnets, namely the command-and-control channels which rely on ISP hosting.
"We expect to see botnets adjust their command-and-control channels because it is still a weakness in the system," he said.
"They will move towards steganography as a technique because currently they can be seen via an intrusion detection system."
Steganography involves hiding the command code "in plain view", perhaps in image or music files on social networking sites, thus removing the need to rely on an ISP and lowering the chance of discovery, Wood explained.
The technique has been virtually unheard of before now, although research from Arbor Networks last year uncovered one instance of Twitter being used for command-and-control purposes, albeit in a more overt way.
The report also warned that cyber criminals could target fewer, larger legitimate sites in order to plant malicious code for drive-by attacks, possibly by targeting employees at the relevant companies.
Back to basics, a temporary but extremely effective solution...
At the risk of making email boring or sound like I'm saying "I remember the good ol' days", limiting emails to plain text is a very, very simple remedy for emails containing malicious hyperlinks or spam in the present environment. The reduction in traffic that such a move would create is significant. Spam detection would be considerably easier too. Clearly bogus emails, like the one I just received supposedly from PayPal Inc. telling me my account has a problem and can I correct my information, could not exist if stripped of HTML to reveal the clearly fraudulent http://www.chaperos.net/PayPal.co.uk/index.php address hidden beneath the displayed paypal.co.uk link... How come "passing off" is no longer a criminal offence? Pretending to be who you are not used to be considered a very serious misdemeanor punishable by prison. Separate email from graphical advertising. A web page is properly suited and ideal for proper presentations, an email is an ideal replacement for a letter. Having said all this I like my fancy emails too, they look great, professional, interesting, and the extensions to presentation mean the whole paradigm of communication has changed, but, I don't like that they are being used to try to fool me when I'm not paying attention. I think I would suffer bland text emails for a bit of extra security if everyone joined in willingly so that we have a chance to sort out how to pinpoint those who abuse what we all use and find so incredibly useful.
Posted by: David Lambert 09 Dec 2010