A story published recently by a researcher at Cisco does a great job of illustrating what it takes to set up, manage, and profit from a botnet. The story details many of the typical activities performed by the criminals who manage and sell botnets. What is unique about the story is that the information is obtained directly from correspondence and discussions with an actual criminal behind the botnet. The story can be found at: http://www.cisco.com/web/about/security/intelligence/bots.html
What is especially unnerving about the story to many security professionals is the ease with which the criminals are able to perpetrate their activities. The criminals behind the botnets can bypass many security technologies through malware and phishing attacks. Additionally, these criminal enterprises can be extremely profitable despite recent claims to the contrary by researchers at Microsoft.
Further evidence of the relative ineffectiveness of some of the most well-known security technologies is illustrated by test results in one of our recent reports, Cyveillance Intelligence Report 1st Half 2009. The report can be downloaded at http://www.cyveillance.com/web/forms/request.asp?getFile=115
Despite the success of the more sophisticated online criminals, some progress in the fight against online crime has been made. Cyveillance has long noticed the trend of criminals being forced to develop very sophisticated methods to bypass detection and security countermeasures. This is a clear indication that the efforts of Cyveillance and others in the security industry are working. As we enter a new era in Security and Intelligence with our acquisition by Qinetiq NA, Cyveillance will continue to make the investments in personnel and technology needed to protect our customers and always stay one step ahead of the bad guys.