Botnet swarms are shrinking to avoid detection, confirms Finjan

Botnets are getting smaller, as criminals seek to ensure their botnet swarms evade detection.

Web security firm Finjan confirms IT security vendor F-Secure’s analysis, with Yuval Ben-Itzhak, the CTO of Finjan, warning: “Our latest quarterly security trends report indicates that there are numerous new attack vectors raising the number of Trojan infections that create botnets.”

And he continues: “In fact viruses have barely changed over the last year. They are usually a slight variation of a previous version, which is then disguised using code obfuscation techniques. [But] the focus has now moved on to the crimeware toolkits that generate the infections more easily and with greater force. The resultant botnet swarm potential from such infections is significant.”

F-Secure believes that criminal gangs are now splitting their botnets into smaller groups in a bid to create a multi-swarm attack that can still escape detection. These botnets are then rented out, says the IT security vendor, for as little as $100 for a few hours.

“By escaping detection, criminals can effectively fly their rented botnets in under the security radar, and ensure the swarm hits the relevant websites, with devastating results,” says Ben-Itzhak. “This is a potentially serious evolution in the world of botnets. The change in the web security status has proven to be a difficult task to tackle for traditional security companies. The best way to detect modern malicious code is to understand in real-time what the code intends to do, before it does.”