Four reasons botnets are hard to fight


Botnets are now commonplace, and we are only beginning to appreciate how the bad guys take over users' computers without the users ever noticing.

Botnets have long been built out of compromised computers inside all kinds of equipment, some of them masquerading as legitimate control mechanisms. As user-friendly but insecure applications keep being deployed on computer systems, especially networked ones, the number of unpatched holes available for attackers to exploit keeps growing. And according to the botnet hunters who monitor these networks, the attackers have become increasingly crafty in how they architect them.

Here are four reasons botnets are hard to fight, and what we should take from each:

1. They evade monitoring

Some botnet activity is associated with the Conficker worm. Researchers say the big botnets have stayed out of the media spotlight, which is exactly how the bad guys achieve their goals.

Alex Lanstein, a senior security researcher at the security firm FireEye Inc. in the San Francisco Bay Area, says this is because the malware is built not to make news, so that people do not realize their computers are infected. Cimbot, for example, is a Trojan used to build botnets, and it currently accounts for 15% of the world's spam.

Paul Royal, principal researcher at the Atlanta security firm Purewire Inc., has found several other examples of botnets escaping network monitoring. In his Zeropack project he found that server-side polymorphism techniques let the attackers keep repacking their malware into ever-changing forms. Given the rate at which Trojan variants appear, traditional antivirus vendors find it increasingly difficult to keep the right AV signatures current. The Waledac botnet is a success story for this approach.

Royal also shows that attackers are migrating from centralized command-and-control layouts to increasingly peer-to-peer architectures. That is unfortunate, because with the more centralized layout security researchers at least had one big target to aim at. The peer-to-peer approach means the target is fragmented and much harder to eliminate piece by piece.

Royal also highlights: "Conficker.C, Storm and Waledac have shifted from a centralized architecture to a peer-to-peer architecture."

2. The malware protects itself

Paul Kocher, president and chief scientist of Cryptography Research, says the problem security researchers run into when trying to find and shut down botnets is that the new worms used to build them rely on strong cryptography to protect their command-and-control channels.

Kocher says: "You used to be able to look at how a botnet fetches its instructions and pass it fake instructions; that is becoming more and more difficult to do."

Newer botnets are also more adept at disabling the security controls on the computer itself.

"We are also seeing the worms that now build botnets use increasingly crafty ways to evade detection," Kocher says. "The worm changes more and more from copy to copy." This makes it increasingly difficult for antivirus researchers to write signatures that block it.

3. Application use exceeds the reach of IT control

The researchers also found that the weakest point in fending off botnets is the applications running on corporate computers, whose use often exceeds the reach of IT control. Users employ these applications to transmit all kinds of sensitive data, including medical records and financial data.

The spring 2009 Application Usage and Risk Report, released by the security vendor Palo Alto Networks, analyzes application usage and traffic at more than 60 large enterprises across financial services, manufacturing, health care, government, retail and education. The assessments, run from August to December 2008, cover the behaviour of nearly 900,000 users. The findings include:

More than half (57%) of the 494 applications found can bypass the security infrastructure, whether by hopping between ports or by riding on port 80 or port 443. These include Microsoft SharePoint, Microsoft Groove, a range of software updaters (Microsoft Update, Apple Update, Adobe Update), and end-user applications such as Pandora and Yoics.

The survey also found external proxies not sanctioned by corporate IT (CGIProxy, PHProxy, Hopster) and remote desktop access tools (LogMeIn!, RDP, PCAnywhere), in 81% and 95% of the organizations respectively. It also found encrypted tunnel applications such as SSH, Tor, Gpass, Gbridge and swipe.

Peer-to-peer file sharing was found at 92% of the organizations; BitTorrent and Gnutella were the most common of the 21 variants seen. In browser-based file sharing (76%), YouSendIt and MediaFire were the most common of 22 variants.

According to the report, enterprises spend more than $6 billion a year on firewalls, intrusion detection systems, proxies and URL filtering products, all of which claim to control application traffic. Of the companies analyzed, 100% had deployed a firewall and 87% had also added one or more firewall complements (proxy, intrusion detection system, URL filtering), yet they still could not exercise effective control over application traffic on their networks.
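The report's point, that a port-based control cannot tell applications apart once they ride on port 80 or 443, can be shown with a small protocol-mismatch check. The following Python is an added example written for this page, not code from the report or from Palo Alto Networks; the flow samples are constructed, and the fingerprints used (an HTTP request line, a TLS ClientHello record header, the SSH version banner, an RDP X.224 connection request inside a TPKT header) are the simplest well-known first-packet markers of each protocol.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class Flow:
    """First client-to-server bytes of one TCP flow (constructed sample)."""
    name: str
    dst_port: int
    first_bytes: bytes


# Port-based view: what a plain port-filtering firewall assumes is running.
PORT_TO_APP = {80: "http", 443: "tls"}


def classify_by_port(flow: Flow) -> str:
    return PORT_TO_APP.get(flow.dst_port, "other")


# Payload-based view: what the first bytes of the flow actually say.
HTTP_REQUEST_LINE = re.compile(
    rb"(GET|POST|HEAD|PUT|DELETE|OPTIONS|CONNECT) \S+ HTTP/1\.[01]")


def looks_like_http(data: bytes) -> bool:
    first_line = data.split(b"\r\n", 1)[0]
    return HTTP_REQUEST_LINE.fullmatch(first_line) is not None


def looks_like_tls_client_hello(data: bytes) -> bool:
    # TLS record: type 0x16 (handshake), version 0x03 0x0X, 2-byte length,
    # then handshake message type 0x01 (ClientHello).
    return (len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03
            and data[2] <= 0x03 and data[5] == 0x01)


def looks_like_ssh(data: bytes) -> bool:
    return data.startswith(b"SSH-2.0-")


def looks_like_rdp(data: bytes) -> bool:
    # TPKT header (version 3) carrying an X.224 Connection Request (code 0xE0).
    return (len(data) >= 6 and data[0] == 0x03 and data[1] == 0x00
            and data[5] == 0xE0)


def classify_by_payload(flow: Flow) -> str:
    data = flow.first_bytes
    if looks_like_http(data):
        return "http"
    if looks_like_tls_client_hello(data):
        return "tls"
    if looks_like_ssh(data):
        return "ssh"
    if looks_like_rdp(data):
        return "rdp"
    return "unknown"


def audit(flows: List[Flow]) -> List[Tuple[str, int, str, str]]:
    """Flows on 80/443 whose payload does not match the port's nominal protocol."""
    findings = []
    for flow in flows:
        by_port = classify_by_port(flow)
        by_payload = classify_by_payload(flow)
        if by_port in PORT_TO_APP.values() and by_payload != by_port:
            findings.append((flow.name, flow.dst_port, by_port, by_payload))
    return findings


# Constructed samples: the port view accepts all of them as web traffic.
SAMPLE_FLOWS = [
    Flow("web-on-80", 80, b"GET /index.html HTTP/1.1\r\nHost: intranet.example\r\n\r\n"),
    Flow("tls-on-443", 443, b"\x16\x03\x01\x00\xc4\x01\x00\x00\xc0\x03\x03" + b"\x00" * 32),
    Flow("ssh-over-443", 443, b"SSH-2.0-OpenSSH_8.9\r\n"),
    Flow("rdp-over-443", 443, bytes.fromhex("030000130ee000000000000100080003000000")),
    Flow("opaque-on-80", 80, b"\x00\x00\x00\x19\x02\x00\x00\x00\xde\xad\xbe\xef"),
    Flow("tls-on-8443", 8443, b"\x16\x03\x01\x00\xc4\x01\x00\x00\xc0\x03\x03" + b"\x00" * 32),
    # A proxy-avoidance tool that genuinely speaks HTTP is indistinguishable here.
    Flow("proxy-app-on-80", 80, b"GET /proxy?url=http://example.test/ HTTP/1.1\r\nHost: hop.example\r\n\r\n"),
]

if __name__ == "__main__":
    for name, port, by_port, by_payload in audit(SAMPLE_FLOWS):
        print(f"{name}: port {port} implies {by_port}, payload looks like {by_payload}")
```

The mismatch check catches the SSH and RDP sessions tunnelled over 443 and the opaque flow on 80, which is more than a port rule alone sees. It deliberately does not flag the last sample: applications such as SharePoint, the software updaters and the CGI-style proxies in the report speak real HTTP, so telling them apart needs application-level identification (URL, host and behavioural context), which is the gap the report describes.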

Malware authors can therefore exploit these applications relatively easily, including to build botnets.

This article comes from http://www.zkddos.com (DDoS attack)
