Fast Flux Botnet: Research Results

Just like that, another Akamai Edge has come and gone. If you were able to join us this year, I hope you had a chance to stop by my presentation on Threat Intelligence Insights: An In-Depth Analysis of a Fast Flux Botnet. 

In short, Fast Flux is a DNS technique used by botnets to hide various types of malicious activities (such as phishing, web proxying, malware delivery, and malware communication) behind an ever-changing network of compromised hosts acting as proxies. In general, a Fast Flux network is mostly used to make communication between malware and its command and control server (C&C) more resistant to discovery. Here at Akamai, our high visibility to both Web and Enterprise traffic enables new and unique insights on the behavior of such Fast Flux networks.

Our Enterprise Security Threat Research Team conducted an analysis of a sophisticated botnet using Fast Flux techniques made up of more than 14,000 IP addresses. Although most of the IP addresses originate from eastern Europe, some of the associated IP addresses are in address space that is assigned to Fortune 100 companies. These addresses are most likely used by this particular Fast Flux network owner as spoofed entities and are not genuine members of the network. This approach allows the botnet to “borrow” the positive reputation associated with the IP address to carry out its malicious activities.

The increasing complexity of enterprise networks and dependencies on public networks make it more difficult than ever to maintain an accurate picture of what is really happening on your networks. At the same time, the increasing sophistication of the obfuscation techniques used by hackers to hide their malicious activities makes it even more important to maintain granular insights into network activity. The level of visibility Akamai has into both ‘good’ and ‘bad’ traffic on the Internet and within corporate enterprise networks makes this kind of research possible and is critically important to how we can best protect our customers.

Whether you had a chance to listen to my talk or not, I’d like to extend the opportunity to learn more about this topic in our new whitepaper containing the results of this new research. 

*** This is a Security Bloggers Network syndicated blog from The Akamai Blog authored by Or Katz. Read the original post at: http://feedproxy.google.com/~r/TheAkamaiBlog/~3/m16_hIRZ2sw/fast-flux-botnet-research-results.html