Promisec Stops Threat of BOTNET Attacks Overtaking Corporate PCs
July 22, 2007 (PRLEAP.COM) Technology News
NEW YORK—July 18, 2007—Promisec™ Ltd. announced today that the company’s endpoint security technology stops the growing threat of BOTNET attacks from hijacking corporate computing environments by using a comprehensive approach to layered security, preventing crippled network activity and business disruption. Promisec recognizes BOTNET armies, also known as Zombie armies, as the IT security attack of choice for criminals, since they allow criminals to leverage a corporation’s entire network of computers for unlawful spamming or malware distribution at a very high rate, which raises legal questions and also slows corporate computing to a crawl.
A BOTNET consists of a number of compromised computers that a miscreant uses to launch attacks such as distributed denial-of-service, spam, viruses and other attacks on a single or large number of computers connected to the Internet. A computer hijacked in this way is called a BOT, and becomes part of a BOTNET controlled by a ‘BOTHERDER.’ Those who create and send BOTNET attacks are typically motivated to damage one or more computing networks or to profit from their activity by creating large spam engines that result in service outages. The FBI, in what it dubbed Operation BOT Roast, recently shut down a major BOTNET and arrested the ring leader, who had infected more than one million computers. The suspect faces 20 years in prison if convicted.
Recommended processes to ensure corporate networks remain free from attacks include implementing a network security strategy with the following layers:
· Up-to-date anti-virus software
· Up-to-date anti-spyware software
· Automated OS vendor patching, such as Windows Update
· Software or hardware firewall
· Endpoint security management software to provide single-location management of all these security layers and manage policies to ensure proper third-party security software operation.
“BOTNETS are of grave concern because they can operate in large numbers without being noticed, meaning a network could shut down from the traffic surge alone,” said Amir Kotler, CEO of Promisec. “Beyond serious disruptions in business continuity, corporations can potentially be held hostage – literally asked to pay ransoms that can cost millions of dollars – by the source of many spam, viruses, malware and denial-of-service attacks thundering from personal computers onto their networks. Organizations need to be aware of how BOTNETs can propagate, and how to detect and prevent these infections by implementing a comprehensive layered security solution.”
Experts agree that a layered security approach provides the greatest level of protection for enterprises. Layered security solutions are designed to protect sensitive system resources on the network, delivering added assurance that if one security layer fails, another layer of security will stop an attack. Promisec Spectator Professional stops BOTNET armies by identifying infiltration at the endpoint and removing the startup commands and executables that allow BOTNETs to operate almost undetected on innocent workstations. Promisec also looks for IRC software, which is used to communicate within a BOTNET, and removes it, effectively severing the host from the BOTNET. Because Promisec monitors unauthorized processes in addition to deviant software, networks protected by Promisec are able to identify infected PCs and clean them before a BOTHERDER starts using them for nefarious activities.
Promisec’s white list capabilities enable organizations to detect infected computers through the startup commands, applications, processes and services which make up the BOT. By identifying these deviations from the standard, dormant BOTs hiding in the system are more easily identified. This is important because, unlike other malicious code, BOTs can be dormant for a very long time before they are activated, similar to terrorist sleeper cells. The actual command and control infrastructure often uses IRC channels. Being able to identify unauthorized chat programs and remove them will sever the command infrastructure and therefore prevent the BOT from being used to launch an attack. Promisec’s extensive black list includes a very large number of chat programs which can be identified and uninstalled. Combined, Promisec’s capabilities offer a powerful tool for preventing computers from being used to launch attacks.
About Promisec Spectator Professional
Promisec Spectator Professional provides small and medium businesses (SMBs) with a complete security solution that protects against threats originating within the network. Attacks may be caused by the organization’s users, business partners or by technical misconfiguration. This software-only solution is normally installed on an administrator’s desktop or on a dedicated server in the SOC/NOC (Security/Network Operations Center).
Promisec Spectator Professional works seamlessly with existing gateway security solutions that enhance and complement each other and with third party desktop security agents in order to provide total security for both the network perimeter and the internal organization. With detection, repair, prevention and monitoring modules, Promisec Spectator Professional delivers a comprehensive solution to manage security on all organization network endpoints and servers. Promisec Spectator Professional identifies threats that have bypassed gateway or desktop security systems and embedded themselves in the network - rogue access points, USB devices or any other peripheral added to any network endpoint or server, and unauthorized processes or applications. Leveraging remote remediation technology from a centralized management console, Promisec Spectator Professional enables security administrators to remotely kill harmful processes, remove unauthorized applications or commands and reverse dangerous registry changes, either automatically or manually from their own workstation.
Promisec Threat Expert Center
To learn more about emerging security threats or to inquire about the Promisec network security audit service, please contact threatexpert@promisec.com.
About Promisec, Ltd.
Promisec, Ltd. is an award-winning technology leader in agentless endpoint security management software. The company offers industry proven internal network security solutions in use by Global 2000 organizations, including AGF, AmeriQuest and Comverse. The company’s products, Promisec’s Spectator and Promisec Spectator Professional for Enterprises, protect against business disruption from internal network threats with the only agentless endpoint security software to deliver both monitoring and remediation and the ability to manage third-party security products for a layered approach to corporate network security. Privately held and founded in 2004, Promisec’s main headquarters are located in Israel with offices in New York, Boca Raton, London and Paris. The company’s U.S. headquarters are located at 461 Fifth Avenue, 8th Floor in New York City, NY 10017. Visit the Promisec Web site at www.promisec.com.