28. September 2009 · Comments Off on All enterprises have infected hosts controlled by botnets · Categories: Botnets, Breaches, Compliance, Malware · Tags:

If you think your organization is free of botnet controlled hosts (aka zombies), it's only because you don't have the right detection tools! For example, Damballa, a botnet detection company claims that every organization it has tested was infected. And the number of infected hosts is rising – from 5% to 7% last year to 7% to 9% this year.

In one sense, this is a shocking number, i.e. almost 10% of the hosts in your network are controlled by botnets. On the other hand, not so much because I have yet to find an enterprise with hosts not running non-compliant or non-monitored software. 

Another interesting finding from Damballa's research is the proliferation of small, customized botnets. Here is a quote from the Dark Reading article:

"The bad guys are also finding that deploying a
small botnet inside a targeted organization is a more efficient way of
stealing information than deploying a traditional exploit on a specific
machine. And [Damballa VP of Research Gunter] Ollmann says many of the smaller botnets appear to have
more knowledge of the targeted organization as well. "They are very
strongly associated with a lot of insider knowledge…and we see a lot
of hands-on command and control with these small botnets," he says.

There are several advanced security tools that can be easily deployed in a couple of days that will pinpoint non-compliant and non-monitored software and network communications.