Hi malware fighting friends,
The main cybercrime infrastructure consists of bot networks. With the canary detector it is possible to detect botnet activity in a very early stage. Three successful anti-bot strategies go hand in hand there:
First, network traffic analysis. This analysis will show the difference between the use of the normal network and the bot. The second technique is an “end host” detection algorithm to seek the Command and Control botnet channel. This can be done by measuring how many times a remote location is being approached by a computer from the network.
Users do not need to have any knowledge of the botnet at hand or detection of the payload; a detection can be done on a stand-alone machine but gets more and more precise on a whole network population of machines or “in the cloud”. Immunet Protect would be a good platform to incorporate these techniques…
This then can be combined with previous knowledge of the actual working of botnets, whitelisting and testing a setup with malware. This canary detection initiative comes from Intel, the chipmaker.
Report: http://irongeek.com/downloads/botnets-malware-class.pdf
Interesting video presentation:
http://blip.tv/play/AYHAqHwC
polonus
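The “end host” counting idea in the post above, as an added illustration that is not code from polonus, from Intel, or from the linked report: count how often each machine contacts each remote location, flag destinations that are contacted many times at a very regular interval (the kind of periodic check-in a C&C channel tends to show), and then combine the per-host verdicts across the network so that a destination beaconed to from several machines stands out. The log format, the thresholds (`min_contacts`, `max_cv`, `min_hosts`) and the sample lines are all my own assumptions, constructed for the example; the addresses are documentation ranges, not real hosts.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample connection log (not real traffic), one outbound
# connection per line: "<ISO timestamp> <source host> <destination:port>".
# ws-01 and ws-02 both contact 203.0.113.7 every 5 minutes; ws-03 only
# browses normal web destinations at irregular times.
SAMPLE_LOG = """\
2010-05-01T10:00:00 ws-01 203.0.113.7:443
2010-05-01T10:00:05 ws-01 198.51.100.20:80
2010-05-01T10:05:00 ws-01 203.0.113.7:443
2010-05-01T10:07:13 ws-01 198.51.100.21:80
2010-05-01T10:10:00 ws-01 203.0.113.7:443
2010-05-01T10:15:00 ws-01 203.0.113.7:443
2010-05-01T10:20:00 ws-01 203.0.113.7:443
2010-05-01T10:25:00 ws-01 203.0.113.7:443
2010-05-01T10:03:00 ws-02 203.0.113.7:443
2010-05-01T10:08:00 ws-02 203.0.113.7:443
2010-05-01T10:13:00 ws-02 203.0.113.7:443
2010-05-01T10:18:00 ws-02 203.0.113.7:443
2010-05-01T10:23:00 ws-02 203.0.113.7:443
2010-05-01T10:28:00 ws-02 203.0.113.7:443
2010-05-01T10:01:00 ws-03 198.51.100.20:80
2010-05-01T10:09:00 ws-03 198.51.100.22:80
2010-05-01T10:31:00 ws-03 198.51.100.20:80
"""


def parse_log(text):
    """Group connection timestamps by (source host, destination)."""
    events = defaultdict(list)
    for line in text.strip().splitlines():
        ts, src, dst = line.split()
        events[(src, dst)].append(datetime.fromisoformat(ts))
    return events


def contact_stats(timestamps):
    """Return (contact count, coefficient of variation of the gaps).

    A low coefficient of variation means the host talks to the remote
    location at a steady rhythm. With fewer than two gaps there is no
    rhythm to measure, so the CV is None.
    """
    ts = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    if len(gaps) < 2:
        return len(ts), None
    mean = statistics.mean(gaps)
    cv = statistics.pstdev(gaps) / mean if mean else float("inf")
    return len(ts), cv


def find_beacons(events, min_contacts=5, max_cv=0.2):
    """Stand-alone (single machine) view: which (host, destination)
    pairs are contacted often and regularly. Thresholds are assumptions."""
    suspects = []
    for (src, dst), stamps in events.items():
        n, cv = contact_stats(stamps)
        if n >= min_contacts and cv is not None and cv <= max_cv:
            suspects.append((src, dst, n, round(cv, 3)))
    return suspects


def network_view(suspects, min_hosts=2):
    """Network-wide view: destinations that several distinct machines
    beacon to. The more hosts agree, the stronger the signal."""
    hosts = defaultdict(set)
    for src, dst, _, _ in suspects:
        hosts[dst].add(src)
    return {dst: sorted(h) for dst, h in hosts.items() if len(h) >= min_hosts}


if __name__ == "__main__":
    per_host = find_beacons(parse_log(SAMPLE_LOG))
    for src, dst, n, cv in per_host:
        print(f"{src} -> {dst}: {n} contacts, gap CV {cv}")
    for dst, hosts in network_view(per_host).items():
        print(f"shared beacon destination {dst} from {', '.join(hosts)}")
```

On the sample log only the two machines talking to 203.0.113.7:443 every five minutes are reported, and the network view then shows that destination as shared by both; the ordinary web browsing of ws-03 never reaches the thresholds. In practice a whitelist of known-good periodic services (update servers, mail polling) belongs in front of `find_beacons`, which is the “previous knowledge and whitelisting” step the post mentions.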