McColo Hosting C and C Server Security Threats Identified, by FireEye
December 9th, 2008 By: Hosting News

Milpitas, California – (The Hosting News) – December 9, 2008 – Hosted anti-malware and anti-botnet protection provider, FireEye, Inc., has reportedly identified over 450,000 IP addresses attempting to connect to now-defunct Srizbi command and control (C and C) servers that were hosted by the McColo hosting provider.

Ashar Aziz, Founder and CEO of FireEye, remarked, “FireEye is dedicated to addressing the growing threats of botnet-related cybercrime affecting businesses and consumers daily. We cannot overemphasize the importance of securing against botnets and Web-based malware. FireEye’s recent discovery of the massive Srizbi botnet activity in the course of our investigations to help close Internet access to McColo is a testament to how sophisticated the botnet problem really is, and we are offering recommendations on how victims can clean their Srizbi-infected computers. FireEye is providing recommendations designed for IT professionals to help them clean Srizbi-infected computers.”

McColo harbored a number of botnet C and C servers. To help squelch Srizbi activity, FireEye is providing recommendations on how victims can unplug from one of the largest botnets in the world. Although McColo was knocked off the Internet last week due to violations of upstream Internet bandwidth providers’ terms of use, the botnet problem continues to escalate as orphaned Srizbi, Rustock, and other botnet PCs attempt to call home to backup C and C infrastructures. In fact, McColo briefly returned to the Internet over the weekend and thousands of Rustock bots were essentially patched and reconnected to a new C and C server in Russia. Detection and prevention remain paramount before the process of reclaiming orphaned Srizbi bots accelerates if/when McColo gets back onto the Internet. Once reclaimed, bots will connect to the new C and C infrastructure and essentially go silent since they will stop the chatter of searching for a live C and C.

The FireEye security appliances and FireEye Malware Analysis and Exchange (MAX) Network service together provide comprehensive anti-malware and anti-botnet protection. FireEye appliances use virtual victim machines to analyze enterprise networks for web-malware and related bot activities on compromised machines. The FireEye MAX Network is a globally deployed malware discovery and analysis service that provides subscribers with the most current botnet and Web malware intelligence to complement on-premise anti-malware security appliances. It catalogs and disseminates security intelligence such as the inbound attack vector as well as the outbound call-back channels used to steal data. This is all derived from malware analyses which are conducted by interconnected networks of FireEye security appliances selectively deployed at service providers around the world. FireEye’s solution offers the industry’s first complete global and local anti-malware protection to precisely identify, understand, and stop emerging botnet and web malware threats.

FireEye, Inc. is an anti-malware and anti-botnet protection provider, enabling organizations to protect critical intellectual property, computing resources, and network infrastructure against Web malware and botnet infiltration. Today’s most damaging attacks are perpetrated through Web malware that forms into highly organized botnets, or networks of remotely controlled, compromised machines. FireEye delivers a complete solution that is designed from the ground up to detect and protect organizations from advanced Web malware and botnets through global and local intelligence and analysis. The company is backed by Sequoia Capital, Norwest Venture Partners, JAFCO, SVB Capital, DAG Ventures, and Juniper Networks.

To learn more, please visit: www.FireEye.com.
