
'Malnets' behind two thirds of cyberattacks in 2012

'Whack-a-mole' security doesn't work, says Blue Coat

A growing army of malware delivery networks – ‘malnets’ – account for two thirds of all cyberattacks and most current technologies offer an inadequate response to the threat, security firm Blue Coat has argued in a new analysis.

Malnets are networks of compromised servers used to serve malware to PC users, either by tempting them to click on infected links or via drive-by downloads baited through Internet search results. The technique is an old one, but what is perhaps new is the automation being used to turn them into large, self-sustaining networks.

Most of the names on the company’s top five malnet list are so little known compared to botnets that to most people they probably sound like characters from the Skylanders videogame.

‘Shnakule’, ‘Tricki’, ‘Rubol’, ‘Raskat’ and ‘Rongdac’ are, in order of size, the top five, although Shnakule dwarfs the others with between 1,700 and 5,000 concurrent hosts.

In total, the company was now tracking 1,500 individual malnets, three times the number it saw only six months ago, making the phenomenon one of cybercrime’s boom areas.

Unlike botnets – built mostly from compromised PCs – malnets seem to possess a devolved and constantly-shifting command and control system that makes them much harder to shut down; Shnakule alone issued changes to its host C&C servers 56,000 times so far in 2012, Blue Coat said.

Botnets, on the other hand, must hardwire a C&C address into the infected machine – if that host or its backup disappears, the botnetted PC is no longer active.

The point of all this is that the prominent botnet shutdowns seen in the last two years offer no long-term respite as long as malware networks exist to build new bots. Malnets are, therefore, the key support for much contemporary malware.

“When security companies aggressively pursued the Zeus botnet, malnet operators simply shifted their resources to the Aleuron botnet, developing and using it in attacks,” said Blue Coat’s researchers.

“In just six months, activity from the Aleuron botnet increased 517 percent, surpassing Zeus, and making it the most active botnet in the wild.”

Blue Coat’s answer sounds like a logical one even if it is part of a commercial marketing strategy – stop devoting resources solely to blocking the malware served by malnets and attempt to block the rogue hosts themselves. The company calls this ‘negative day defence’, included as a layer in its security systems.
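To make the distinction concrete, here is an added example (not code from the article or from Blue Coat) that runs both strategies over a few constructed proxy log lines: one filter blocks responses whose hash matches an already-analysed payload, the other blocks any request to a listed delivery domain or its subdomains. All hostnames, hashes, addresses and log lines are constructed placeholders; the functions and constants are this example's own.

```python
# Added example, not code from the article or from Blue Coat. It contrasts
# blocking known payloads (signature matching) with blocking the serving
# hosts themselves, which is the approach the article describes.
# All hostnames, hashes, IPs and log lines below are constructed placeholders.

from typing import Dict, Iterable, List, Tuple

# Constructed proxy log: timestamp client_ip host sha256_of_response(or "-") method
PROXY_LOG = """\
2012-09-10T10:00:01Z 10.0.0.5 www.news-example.test - GET
2012-09-10T10:00:02Z 10.0.0.5 relay01.malnet-placeholder.test 1111111111111111111111111111111111111111111111111111111111111111 GET
2012-09-10T10:00:03Z 10.0.0.7 relay01.malnet-placeholder.test 2222222222222222222222222222222222222222222222222222222222222222 GET
2012-09-10T10:00:04Z 10.0.0.9 relay02.malnet-placeholder.test 3333333333333333333333333333333333333333333333333333333333333333 GET
2012-09-10T10:00:05Z 10.0.0.9 www.shop-example.test - GET
"""

# Payload signatures: only the first sample has been analysed so far (constructed).
KNOWN_BAD_PAYLOADS = {"1" * 64}

# Host reputation: the whole delivery domain is listed (constructed placeholder).
KNOWN_BAD_DOMAINS = {"malnet-placeholder.test"}


def parse_log(text: str) -> List[Dict]:
    """Split each constructed log line into its five whitespace-separated fields."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, host, digest, method = line.split()
        rows.append({
            "ts": ts,
            "client": client,
            "host": host.lower(),
            "digest": None if digest == "-" else digest,
            "method": method,
        })
    return rows


def host_in_domains(host: str, domains: Iterable[str]) -> bool:
    """True if host equals a listed domain or is a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)


def block_by_payload(rows: List[Dict], bad_payloads=KNOWN_BAD_PAYLOADS) -> List[Dict]:
    """Signature approach: only requests whose response hash is already known are caught."""
    return [r for r in rows if r["digest"] in bad_payloads]


def block_by_host(rows: List[Dict], bad_domains=KNOWN_BAD_DOMAINS) -> List[Dict]:
    """Host approach: every request to a listed domain is caught, whatever the payload."""
    return [r for r in rows if host_in_domains(r["host"], bad_domains)]


def coverage(rows: List[Dict]) -> Tuple[int, int]:
    """Return (payload_hits, host_hits) so the two approaches can be compared."""
    return len(block_by_payload(rows)), len(block_by_host(rows))


if __name__ == "__main__":
    parsed = parse_log(PROXY_LOG)
    payload_hits, host_hits = coverage(parsed)
    print("blocked by payload signature:", payload_hits)  # 1
    print("blocked by host reputation :", host_hits)      # 3
```

In the constructed log the two repacked payloads (different hashes, same delivery domain) pass the signature filter but not the host filter, which is the point the article makes: a host list keeps working while the malnet rotates what it serves, whereas a payload list has to be updated after every repack.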

Interestingly, the rise of malnets has also had some unexpected effects, the company claims. In August, Blue Coat reported that simple ‘long tail’ web searches were still far more important for serving malware than special events such as the London Olympics or breaking news.

Going against the received security view, attackers now preferred to spread their links across a large number of search terms than jump on specific events that might be easier to block.

Rich Trinca, Jr. said: Great article. Keep up the great work, Blue Coat. I suggest compiling a list of the rogue servers and working with the Internet security providers to block all of these sites for their users.
