[微軟全球資安觀察] 研究人員說：難以摧毀的大規模殭屍網路

  安全研究人員說：「一個新的和演進的殭屍網路 （ Botnet ），已經感染超過 400 萬台個人電腦，相當難以摧毀。」，以” TDL - 4 ”為名的這個感染電腦的木馬程式以及被入侵的電腦所組成的殭屍網路，是目前最複雜的威脅所在。
  分析： 

殭屍網路 （ Botnet ） 雖然已經被發現，但這會持續成為安全專家所探討的一個議題。有一些新的方法來打擊殭屍網路（ Botnet ） 以及駭客 （ Hacker ） ，這些駭客通常會利用無知或不關心資訊安全的無助使用者來乘虛而入。其中的一個方法是使用 DNS 作為惡意軟體和殭屍網路的戰鬥工具。這個工具可以阻止受感染的機器 “phoning home ”到命令和控制 ( C & C ) 伺服器。安全專家也沒有看到使用這工具與 DNSSEC 發生衝突且相信這將會是一個幫助殭屍網路問題日益成長的方式。
 
 網路安全真的越來越好嗎？在思科 2010年度安全報告中，思科系統公司的研究人員認為是的。在 “ Adversary Resource Market Share ”（報告的第 37 頁）追蹤受到影響系統的數量，包括全球殭屍網路的規模和數量。在 2010 年結束時，其 Cisco Global Arms Race Index 的數值為 6.8，低於 2009 年 12 月的水平 7.2 。
 
 根據美國聯邦調查局 （ FBI ） 的調查，談到了有關自從消滅 Coreflood 殭屍網路的現況。報告顯示出自從消滅 Coreflood 殭屍網路之後，受感染的機器數量已經下降（從四月開始，數量已經從 80 萬降到不到 10 萬）。
 
 另外值得注意的是，微軟現在提供 25 萬美元獎勵懸賞緝捕負責 Rustock 殭屍網路的駭客。 

Massive Botnet ‘Indestructible,’ Say Researchers

Computerworld

A new and improved botnet that has infected more than 4 million PCs is “practically indestructible,” security researchers say.

“TDL-4,” the name for both the bot trojan that infects machines and the ensuing collection of compromised computers, is “the most sophisticated threat today,” said Kaspersky Labs researcher Sergey Golovanov in a detailed analysis Monday [June 27, 2011].

Analysis:

Botnets have been reported in this publication and most likely will continue to be an issue for security professionals. There are new ways to combat botnets and hackers who take advantage of helpless users who don’t know/don’t care about security. One of those ways is to use DNS as a malware and botnet fighting tool. This tool prevents infected machines from “phoning home” to the command-and-control servers. Security expert Dan Kaminsky has seen no conflict with using this tool with DNSSEC and believes it will be a way to help [stem] the ever growing problem of botnets.

Is Internet security getting better? The Cisco 2010 Annual Security Report [PDF] from the researchers at Cisco Systems says yes. The “Adversary Resource Market Share” (page 37 in the report) tracks the number of compromised systems including the size and number of worldwide botnets. At the end of 2010 their [Cisco Global Arms Race Index] reading was at 6.8, down from December 2009 at a level of 7.2.

According to a declaration [PDF] from Kenneth Keller of the U.S. Federal Bureau of Investigations (FBI), who talks about the current conditions since the takedown of the Coreflood botnet. Of special interest is the chart (page 3) showing the amount of beacons (infected machines) that have gone down since the takedown of the Coreflood botnet (from almost 800,000 to less than 100,000 since April).

Also of note, Microsoft is now offering a US$250,000 reward for information leading to the arrest and conviction of those responsible for the Rustock botnet.