Microsoft this week unveiled the ninth volume of its Security Intelligence Report (SIR). The semi-annual assessment of the state of computer and Internet security and overview of the threat landscape generally yields some valuable information. This particular edition of the Security Intelligence Report focuses its attention on the threat posed by botnets.
A Microsoft Malware Protection Center blog post explains, “We’ve dedicated this particular volume to the study of botnets and the role that they play in the malware world. You’ll find a historical anthology of how botnets came to be along with modern-day examples, including the most prevalent families and differences in their geographical distribution.”
Adrienne Hall, general manager for Microsoft Trustworthy Computing, elaborates on the botnet threat. “Botnets are the launch pad for much of today’s criminal activity on the Internet. In many ways, they are the perfect base of operations for computer criminals. Botnets are a valuable asset for their owners–bot herders–who make money by hiring them out to other cyber criminals to use as a route to market for cybercrime attacks such as phishing attacks, spam attacks, identity theft, click fraud and the distribution of scam emails. Bot herders guard their botnets jealously and invest huge amounts of time, effort and money in them.”
Hall adds that recent attempts at thwarting botnets have had some limited success. “The good news is there are clear indications that aggressive, creative disruption efforts by the software industry, law enforcement agencies, government entities, and academics are having an impact on botnets: we’ve seen successful botnet takedowns against Waledac, led by Microsoft and the Mariposa bot arrests, led by Spanish authorities.”
The problem is that malware developers create new bots and bot variants, and PCs are compromised by bots and assimilated into massive botnets significantly faster than any reactive security approach could ever hope to contend with. Microsoft and others deserve kudos for the success against botnets thus far, but long term there has to be a better way.
Thankfully, security is getting more attention at all levels and the focus increasingly is on how to proactively protect rather than reactively defend. Commenting on McAfee’s initiative to promote “offensive security,” Dave Marcus, director of security research and communications for McAfee Labs said, “As we look at the evolution of risky domains and Web sites over multiple years, we can’t avoid the conclusion that the risk keeps increasing in both volume and sophistication. If we want to stop being victims, then the good guys need to advance security efforts as threats evolve.”
In another example of thinking beyond the traditional computer and network security box, Microsoft’s Scott Charney recently proposed a global PC infection response system similar to the approach used by the World Health Organization to contain and manage pandemic biological infections. Implementing a system that can scan and quarantine compromised systems to protect the rest of the Internet is one way to avoid the rampant spread of malware.