Finjan has confirmed fellow IT security vendor F-Secure's analysis that botnets are getting smaller, as criminals seek to ensure their botnet swarms evade detection.
"F-Secure's assertion is in line with our own trends analysis," said Yuval Ben-Itzhak, the CTO of Finjan.
"Our latest quarterly security trends report that there are numerous new attack vectors that raise the number of Trojan infections that create botnets.
In fact viruses have barely changed over the last year they are usually a slight variation of a previous version which are then disguised using code obfuscation techniques.
The focus has now moved on to the crimeware toolkits that generate the infections more easily and with greater force.
The resultant botnet swarm potential from such infections is significant," he added.
Ben-Itzhak's comments come in the wake of a report from F-Secure that criminal gangs are splitting their botnets into smaller groups in a bid to create a multi-swarm attack that can still escape detection.
These botnets are then rented out, says the IT security vendor, for as little as $100 for a few hours.
"By escaping detection in this way, criminals can effectively fly their rented botnets in under the security radar, and ensure the swarm hits the relevant Web sites with devastating results. This is a potentially serious evolution in the world of botnets. The change in the web security status has proven to be a difficult task to tackle for traditional security companies. The best way to detect modern malicious code is to be able to understand in real-time what the code intends to do, before it does", said Ben-Itzhak.
Finjan offers the following advice for corporate users:
1. Check your vendor’s research capabilities and their ability to provide up-to-date information which is immediately translated into actionable security measures.
2. Examine your egress and ingress data policy to make sure that you cover all known and suspicious sites.
3.Make sure that real-time inspection and protection is added to your web security solution. Chasing the attack vectors after the event is always “too little, too late”, particularly if you get hit by a new Trojan that your security solution does not recognize.
4. Make sure that your security solution is updated to handle new technologies and trends. Security products should protect you from the vulnerabilities rather than just attacks and exploits.