IRC botnets on their way to the graveyard

November 16, 2010

According to the latest research from Team Cymru, Internet-controlled botnets and virus networks operated by groups of hackers now outnumber those controlled by the traditional method of IRC (Internet relay chat) channels by a factor of about five.

In the old days, IRC channels were the only way to control networks of compromised personal computers, but the approach has now fallen out of favor, giving way to "script-kiddie" approaches that have begun to predominate on the Internet today.

According to Steve Santorelli, former Scotland Yard Detective and now director of global outreach at Team Cymru, IRC botnets today are on their way to their own graveyards, and would be dead and buried already but for weak corporate security policies that have allowed them to stick around, even today.

Santorelli says that many companies and organizations today still don't filter port 6667, which is used for IRC channels and nothing else, allowing infected PCs, laptops, critical workstations and even servers in corporate networks to receive instructions that would otherwise be blocked at the entrance to the corporate firewall.

"Infected computers that are part of IRC botnets often have persistent, continuous connections to their C&C, compared to HTTP-based botnets which have their infected PCs frequently check in at pre-determined times," Santorelli explained. "These connections can be tell-tale symptoms that your network is infected if you know exactly where to look."

On average, HTTP-controlled botnets are easier than IRC-controlled botnets for miscreants to set up, run and manage, while being harder to detect, so it's no big surprise that they have become the preferred approach for the command and control systems of zombie networks.

Internet-based botnets are doubling in number every 1 1/2 years. "HTTP based botnets often use popular ports like port 80 that are of course unblocked on most networks and also hard to filter and easy to hide in a sea of noise. There is no persistent, constant connection to spot," said Santorelli.
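The two traffic patterns described above (a long-lived connection to port 6667 versus regular check-ins on port 80) can be looked for in outbound flow logs. The sketch below is an added example, not code from Team Cymru or the original article; the flow record layout, the thresholds and the sample addresses are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

IRC_PORT = 6667          # port named in the article
MIN_PERSISTENT_S = 3600  # assumption: flows open >= 1 hour count as persistent
MIN_CHECKINS = 5         # assumption: minimum connections before judging periodicity
MAX_JITTER = 0.10        # assumption: max stdev/mean of gaps for a "timed" check-in

# Constructed sample flows: (src_ip, dst_ip, dst_port, start_epoch_s, duration_s)
FLOWS = [
    ("10.0.0.5", "203.0.113.10", 6667, 1000, 86000),  # day-long IRC session
    ("10.0.0.8", "203.0.113.11", 6667, 500, 30),      # brief IRC connection
]
# Host checking in roughly every 600 s on port 80
FLOWS += [("10.0.0.7", "198.51.100.20", 80, t, 2)
          for t in (0, 600, 1201, 1800, 2400, 3000)]
# Irregular, browsing-like traffic on port 80
FLOWS += [("10.0.0.9", "192.0.2.30", 80, t, 5)
          for t in (10, 45, 50, 900, 4000, 4100)]

def persistent_irc(flows, min_duration=MIN_PERSISTENT_S):
    """Return (src, dst) pairs holding a long-lived connection to the IRC port."""
    return sorted({(s, d) for s, d, port, _, dur in flows
                   if port == IRC_PORT and dur >= min_duration})

def periodic_http(flows, min_checkins=MIN_CHECKINS, max_jitter=MAX_JITTER):
    """Return (src, dst, interval_s) for port-80 pairs contacted at regular intervals."""
    starts = defaultdict(list)
    for s, d, port, start, _ in flows:
        if port == 80:
            starts[(s, d)].append(start)
    hits = []
    for (s, d), ts in starts.items():
        if len(ts) < min_checkins:
            continue
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        avg = mean(gaps)
        # Low relative spread between gaps means timer-driven traffic
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            hits.append((s, d, round(avg)))
    return sorted(hits)

if __name__ == "__main__":
    print("persistent IRC:", persistent_irc(FLOWS))
    print("periodic HTTP:", periodic_http(FLOWS))
```

Pairs flagged by the periodicity check are leads to investigate, since legitimate software such as update clients also polls on a timer.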

For some, IP blacklists and anti-virus software can help a bit to combat comparatively unsophisticated botnet agents. "But there is simply no excuse for allowing these relatively basic threats into your networks," Santorelli was very quick to point out.

"They are extremely easy to configure and deploy. You just need zero coding knowledge to run a web-based botnet."

A short video explaining the changes in botnet control technology can be found on Team Cymru's YouTube channel.

Source: Team Cymru Internet Security.

Copyright © Internet Security.ca