Another example is Shylock, a top active bot threat that carried out man-in-the-middle attacks against bank websites in the U.K., while TDSS remained active primarily in Denmark and New Zealand. DNSChanger continued to be stubbornly widespread, with victims found in many countries, from Argentina to Australia and from Saudi Arabia to Thailand.
From that research, we put together the chart below depicting overall bot infection rates in the regions that suffered significant infection.
In 2012, we also observed some new tricks and technologies that were widely adopted to improve bots' operational efficiency and resiliency.
- Shylock started injecting fake contact phone numbers into bank pages as a new social engineering trick to steal customers' sensitive information, since people usually place more trust in a live "customer service" person than in a web form.
- The DGA (Domain Generation Algorithm) technique gained popularity among top bots, from Conficker to Ramnit. Generating large numbers of pseudo-random domain names, of which the operator registers only a few, makes the C&C infrastructure harder to blocklist and take down, because defenders cannot simply block a fixed list of domains.
- Many newly registered domain names were involved in spamming activity. And, as we have seen with their legitimate enterprise counterparts, more bot operators moved their C&C (Command and Control) and other servers to the cloud.
- We also noted that Android became the hot battlefield for mobile security and was the platform targeted by all of the top mobile-device-only bots.
In 2013, bots that rely on DNS queries to reach their infrastructure will continue to be a primary engine of such malicious activity as spam, distributed denial-of-service attacks, data and identity theft, and more. This type of online threat has grown almost hand-in-hand with the growth of the Internet.
As computers and mobile phones are infected, the malicious software running in the background communicates with its masters using the same DNS we all use to reach our favorite websites. Today's leading DNS providers can enforce policies whereby lists of "bad" domains are stored and resolution of those names is refused, or they can integrate other network-based protective measures. A static list alone is a weak defence against DGA-based bots, whose domains change faster than lists are updated, so in the meantime consumers will need to be smart about the links they click and the messages they open: the next worst bot could be waiting.
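The two defensive ideas above, refusing resolution of known-bad names and noticing DGA-style lookups that no static list will catch, can be illustrated with a small resolver-side log scanner. The following is an added example written for this page; it is not Nominum code and does not implement any particular product's policy engine (real resolvers typically do this with Response Policy Zones or a vendor feed). The blocklist, the zone list, the log lines and the thresholds are all constructed for illustration, and the DGA heuristic (character entropy plus vowel ratio of the second-level label) is deliberately crude: it will flag some legitimate hashed or CDN hostnames and miss word-list DGAs, so in practice it is a triage signal, not a verdict.

```python
"""Scan constructed DNS query logs for blocklisted names and DGA-looking labels."""
import math
from collections import Counter

# Constructed policy data (not real threat intelligence): exact names and whole zones.
BLOCKLIST = {"bad-bank-login.example", "updates.evil.test"}
BLOCKED_ZONES = {"evil.test"}

# Constructed query log, one query per line: "<timestamp> <client> <qname> <qtype>".
SAMPLE_LOG = """\
2012-11-03T10:00:01Z 10.0.0.12 www.example.com A
2012-11-03T10:00:02Z 10.0.0.12 bad-bank-login.example A
2012-11-03T10:00:03Z 10.0.0.25 mail.evil.test A
2012-11-03T10:00:04Z 10.0.0.25 xkq7v2mzp9tw4lr.com A
2012-11-03T10:00:05Z 10.0.0.31 computerworld.com A
"""

VOWELS = set("aeiou")


def normalize(qname):
    """Lower-case and strip the trailing dot so 'Evil.Test.' and 'evil.test' compare equal."""
    return qname.lower().rstrip(".")


def is_blocked(qname):
    """True if the name is listed exactly or falls inside a blocked zone."""
    name = normalize(qname)
    if name in BLOCKLIST:
        return True
    return any(name == zone or name.endswith("." + zone) for zone in BLOCKED_ZONES)


def registrable_label(qname):
    """Second-level label of the name (assumption: no public-suffix list, so 'co.uk' is mishandled)."""
    parts = normalize(qname).split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def shannon_entropy(s):
    """Bits of entropy per character of the label; random strings score higher than words."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_dga(qname, min_len=12, min_entropy=3.3, max_vowel_ratio=0.25):
    """Heuristic DGA flag: a long label that is both high-entropy and vowel-poor."""
    label = registrable_label(qname)
    letters = [c for c in label if c.isalpha()]
    if len(label) < min_len or not letters:
        return False
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters)
    return shannon_entropy(label) >= min_entropy and vowel_ratio <= max_vowel_ratio


def scan_log(text):
    """Return (client, qname, reason) for each query a resolver policy would act on."""
    findings = []
    for line in text.splitlines():
        if not line.strip():
            continue
        _ts, client, qname, _qtype = line.split()
        if is_blocked(qname):
            findings.append((client, qname, "blocklist"))
        elif looks_dga(qname):
            findings.append((client, qname, "dga-suspect"))
    return findings


if __name__ == "__main__":
    for client, qname, reason in scan_log(SAMPLE_LOG):
        print(f"{client} {qname} {reason}")
```

Run against the constructed log, the two names under the blocked zone and list are refused outright, while the random-looking `xkq7v2mzp9tw4lr.com` is only flagged as a DGA suspect; `computerworld.com` passes the entropy bar but is kept out by its vowel ratio, which is why the two heuristics are combined rather than used alone.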
Nominum is the worldwide leading provider of integrated subscriber, network and security solutions for network operators. Nominum is the provider of the N2 Platform that leverages more than 1 trillion DNS queries daily and enables the rapid development and seamless integration of applications that leverage DNS data. Nominum is a global organization headquartered in Redwood City, Calif.