Trend Micro has announced a service to help large organisations and ISPs (internet service providers) fight networks of zombie machines, known as 'botnets'.
The service, dubbed InterCloud, was announced today and is intended to help organisations fight botnets, fast-changing networks of rogue computers that are used in DoS (denial of service) attacks, spam campaigns, identity theft, and other malicious acts. The new service uses behavioural analysis technology, developed by Trend and known as BASE (Behavioural Analysis Security Engine), to spot and isolate bot machines on managed networks, according to Paul Moriarty, director of product development for Internet Content Security at Trend.
BASE analyses application and network infrastructure data, such as DNS queries and BGP (Border Gateway Protocol) routing tables. The engine can spot behaviour indicative of bots, such as an abnormal series of DNS queries.
The service uses data from Trend's global network of researchers and customers to provide intelligence on new or evolving bot activity. The company's Bot Identification Team identify and monitor bot activity globally, Trend said.
InterCloud relies, in part, on a new, hardened and revamped DNS server that allows Trend to aggregate suspicious data and report on host systems that may be infected with bot programs, Moriarty said.
"We can take a day's worth of DNS logs and tell them how many spambots or zombies they have. That's a capability that most ISPs lack," he said.
InterCloud customers can remediate infected systems by denying them access to the network, or by quarantining them and pushing out necessary updates or scanning and disinfecting them, said Dave Rand, CTO of Trend's Internet Content Security group.
The InterCloud service includes a web-based management portal for viewing and reporting on bot activity and managing security policies, Trend said.
Botnets are one of the fastest-growing and most dangerous online threats, said Rand. On any day, Trend tracks millions of infected systems that have been joined to one of a number of global bot networks. But bot infections can also jump up, depending on the availability of easy-to-exploit security holes, such as the recent VML vulnerability in Microsoft's Internet Explorer browser, or the Windows Server Service vulnerability that was disclosed by Microsoft in August.
Trend identified more than 250,000 new bots each day for the two days after an exploit was developed for the Server Service hole, which Microsoft patched with MS06-040. Typically, the company might identify 250,000 new bots over the course of a month, Moriarty said.