Time to kick bot, says TrendMicro chief

The botnet scourge has reached alarming proportions and TrendMicro CEO Eva Chen is determined to do something about it.

We can only be indifferent to the growing botnet threat at our own peril, cautions Chen, who co-founded Cupertino, Calif.-based anti-virus software vendor TrendMicro Inc. 19 years ago and has served as its CEO since 2004.

In a recent interview with IT World Canada, Chen explained why it’s imperative we tackle this menace head on.

“The number of bot-controlled computers has tripled since last year, and we’ve got to ask why,” said Chen.

The TrendMicro chief sought to answer that question herself by pointing to the sea change in the threat landscape over the past few years.

Time was when hackers were students or geeks looking for some excitement or to earn bragging rights, she said.

“Those days are gone.”

Today, she said, some of the most dangerous Internet crimes are perpetrated not by individuals but by well-organized gangs.

These “hacker gangs”, she said, make so much money on their depraved projects that “they now have the capital to research and even hire skilled programmers just to write malicious code.”

“Hacking, it is estimated, is a US$8 billion dollar business,” with various items stolen online carrying pretty well-defined price tags, the TrendMicro CEO said.

For instance, she said, stolen credit card numbers with their PINs are being peddled for US$25 each, while social security numbers fetch $10 apiece.

And in these criminal projects, economies of scale and other techniques are also used to maximize ROI and minimize risk — much like any business.

Chen said the botnet phenomenon exemplifies these trends.

Botnets are networks of “bots” – computers captured and compromised by bot masters, who then use these machines for a range of nefarious purposes, including scanning networks for other vulnerable systems, launching denial of service attacks against specific targets, sending spam e-mails, keystroke logging as a prelude to ID or password theft, and much more.

While bot herders are coming up with newer and more sophisticated ways of “capturing” computers and avoiding detection, Chen says anti-virus software vendors need to be able to rise to this challenge.

Being profit driven, most bot masters launch targeted attacks, writing code aimed at the specific groups they want to target, said Chen.

“To counter this, security products vendors should be able to understand and provide customized products that respond to various types of attacks.”

Likewise, she noted that bot herders and other types of hackers have started to make use of Web 2.0 tools and sites – sometimes hacking into well known social networking sites, and using pages on these sites as platforms to disseminate viruses and other types of malware.

AV software vendors should demonstrate that two can play the same game, she said. As an example of how social networking tools can be used to fight online crime, she cited HijackThis!, the tool from the company of the same name that TrendMicro acquired a couple of months ago.

HijackThis is a free utility that quickly scans the user’s Windows computer to find settings that may have been changed by spyware, malware or other unwanted programs. The tool creates a report, or log file, with the results of the scan.

Chen said TrendMicro bought HijackThis, not just to gain access to this software. “Rather, we wanted to gain access to this entire community of users – users that help one another defeat security threats.”

This “communitarian spirit”, she said, was clearly evident when HijackThis! was released under the TrendMicro label.

“We added just one additional feature: Collect the Log.” On the very first day, Chen said, TrendMicro received 2,000 logs from customers, and that number continued to mount over the weeks.

“We used these logs for data mining, [and this helped us] understand the latest attacks and develop antidotes – rules that would identify and counter the new species of bots.” She said a free TrendMicro anti-botnet service, codenamed “Are you being botted?”, is being developed based on feedback from the user community.

To be released next month, the service will notify computer users if their machine is controlled by a bot master, being used to transmit spam mail, or if information from their PC is being stolen and transmitted to the bot master.

“That’s an example of how we use the collective intelligence of the user community to develop better, newer services,” Chen said.

She said vendors need to use the user community as their R&D resource. “They just can’t rely on their lab engineers to come up with solutions.”

