RSA: Trend Micro aims to track down botnet controllers

Trend Micro is to update its Deep Discovery security platform to improve its ability to track down the individuals behind malware operations.

The security company said that its intelligence and monitoring platform would be updated to provide detection for the command and control servers which connect with infected machines.

The update will allow Deep Discovery, which connects to Trend's security platforms and Smart Protection network as well as third-party applications which have added support for the security monitoring tool.

The aim of the expansion is to better allow administrators to receive notification when an infected node or system could be connected to a more-sophisticated attack such as an advanced-persistent threat or a large-scale botnet.

The company said that while previous security tools have been able to identify and block threats associated with command and control servers, the platforms have been unable to draw the connection between the individual malware samples and the command and control servers which can update infected machines and perform larger operations.

In addition to monitoring web content and the behaviour of infections, the Deep Discovery platform will now monitor the patterns in communication between infected machines and third parties, looking for patterns which could indicate command and control instructions.

Trend said that the monitoring and emphasis on command and control detection would be essential in thwarting the techniques commonly used by command and control systems. Researchers have found that the systems will often use techniques such as monitoring social networking traffic or minimising data transactions in order to prevent detection by conventional security platforms.

Command and control detection services are currently in beta testing phase. The system is set to be introduced to various Trend Micro products and services throughout the first half of 2013.