Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

How to defend against malnets

Thor Olavsrud | Oct. 8, 2012
Since 2011, security firm Blue Coat Systems has been tracking malnets: extensive distributed network infrastructures embedded in the Internet and designed to deliver mass-market attacks on a continuous basis. These malnet infrastructures are like the proverbial Lernaean Hydra--chop off one head, like a botnet it has produced, and two more spring up to take its place.

Malnets Will Deliver Most Malware Attacks This Year

Using this infrastructure of relay and exploit servers, Blue Coat says cybercriminals can rapidly launch new attacks that attract many potential victims before security technologies can identify and block it. This creates what Van Der Horst characterizes as a vicious cycle of attack and infection. Blue Coat estimates malnets will deliver more than two-thirds of all malware attacks this year, and they will continue to dominate the threat landscape in the future since they are virtually impossible to shut down.

Once the infrastructure is in place, Blue Coat says malnets typically traffic in two types of attacks:

Attacks that lure users to click on a link (using social networking, spam, porn attacks and search engine poisoning (SEP)--which uses search engine optimization (SEO) techniques to seed malware sites high in common search results)

Attacks that use drive-by downloads to infect computers that do not have up-to-date browser security fixes and patches

Blue Coat said each attack uses different trusted sites and bait to lure users. Some of the attacks don't even use relay servers. Instead, they send users that have taken the bait directly to exploit servers that can identify system or application vulnerabilities, which are then used to serve a malware payload. Once a user's computer is compromised, it can then be used by a botnet to lure new users into the malnet.

Malnets Launch Multiple Attacks at a Time

Malnets characteristically launch multiple attacks at a time. In 2011, one malnet was responsible for the high-profile attack on, which left the site for the open source database software serving malware to visitors. The attack, which targeted database administrators (a group of users likely to have access to sensitive company information), was only one of hundreds of attacks launched by that particular malnet that day.

"We took a look at the malnet involved in that," Van Der Horst says. "We were amazed. It was just a drop in the bucket compared to what else that malnet was doing that day. The bad guys are there 24/7, and they've got a lot of resources that they're using to try to infect users."

Malnets protect themselves through their dynamism and geographic dispersion. Malnet operators locate their servers in multiple countries so that if one country shuts down a malnet within its borders, it can continue to function and propagate in other countries.

How to Protect Your Organization Against Malnets

Given all this, how can an organization protect itself from the threats posed by malnets? The key, Van Der Horst says, is a proactive cyber defense that goes beyond today's largely signature-based defenses. A proactive cyber defense identifies the malnets delivering attacks and blocks them at the source, preventing attacks before they're launched.


Previous Page  1  2  3  Next Page 

Sign up for Computerworld eNewsletters.