How to defend against malnets

The number of malnets has jumped 300 percent in the past six months, according to security firm Blue Coat Systems. While they are nearly impossible to kill, there are steps you can take to protect your organization.

By Thor Olavsrud, CIO |  Security, Blue Coat Systems

Using this infrastructure of relay and exploit servers, Blue Coat says cybercriminals can rapidly launch new attacks that attract many potential victims before security technologies can identify and block it. This creates what Van Der Horst characterizes as a vicious cycle of attack and infection. Blue Coat estimates malnets will deliver more than two-thirds of all malware attacks this year, and they will continue to dominate the threat landscape in the future since they are virtually impossible to shut down.

Once the infrastructure is in place, Blue Coat says malnets typically traffic in two types of attacks:

Attacks that lure users to click on a link (using social networking, spam, porn attacks and search engine poisoning (SEP)--which uses search engine optimization (SEO) techniques to seed malware sites high in common search results)

Attacks that use drive-by downloads to infect computers that do not have up-to-date browser security fixes and patches

Blue Coat said each attack uses different trusted sites and bait to lure users. Some of the attacks don't even use relay servers. Instead, they send users that have taken the bait directly to exploit servers that can identify system or application vulnerabilities, which are then used to serve a malware payload. Once a user's computer is compromised, it can then be used by a botnet to lure new users into the malnet.

Malnets Launch Multiple Attacks at a Time

Malnets characteristically launch multiple attacks at a time. In 2011, one malnet was responsible for the high-profile attack on, which left the site for the open source database software serving malware to visitors. The attack, which targeted database administrators (a group of users likely to have access to sensitive company information), was only one of hundreds of attacks launched by that particular malnet that day.

"We took a look at the malnet involved in that," Van Der Horst says. "We were amazed. It was just a drop in the bucket compared to what else that malnet was doing that day. The bad guys are there 24/7, and they've got a lot of resources that they're using to try to infect users."

Malnets protect themselves through their dynamism and geographic dispersion. Malnet operators locate their servers in multiple countries so that if one country shuts down a malnet within its borders, it can continue to function and propagate in other countries.

How to Protect Your Organization Against Malnets

Originally published on CIO |  Click here to read the original story.
Join us:






Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Ask a Question