It's time for enterprises to turn some attention to botnet threats. According to Fortinet's June 2010 Threat Landscape report, new variations of the Sasfis botnet entered the Top 10 list. Sasfis has been competing with the Pushdo botnet in terms of sheer volume and was very active this past month. And now, the Kraken bot seems to be making a comeback.
This report comes on the heels of the Gartner prediction that botnets will be a problem for a long time to come.
Of course, botnets are becoming more resilient and are reaching networks through more legitimate means, making them difficult to fight at times. To illustrate, in an interesting guest post at ZDNet, Derek Manky listed Fortinet's top threat predictions for 2010 and how those predictions have played out six months later. About botnets, he wrote:
January 2010: "Botnets will no longer just obfuscate their binary codes to escape detection. Instead, they will piggyback on legitimate communications vehicles to propagate and cloak activities."
June 2010: This year several new botnets have come into scope, each using common protocols such as HTTP to do their dirty work. Botnets, which existed before 2010, continue to remain strong and develop their protocols to obfuscate activity. This year we discovered Webwail, a Web-based scripting engine that can create accounts through the Web (such as Yahoo, Hotmail, GMail, etc.) and then spam through them. To do this, CAPTCHAs are cracked dynamically by a third party, so that the Web bot may proceed as if it were human. While we have only observed Webwail to create and send spam, our analysis indicates it is much more capable.