The Channel logo

News

By | Darren Pauli 22nd June 2015 06:56

US is the world's botnet mothership, says Level 3

Not the way you want to lead the globe

Level 3 Communications says America is home to more botnet command and control servers, edging out the Ukraine, with Russia only managing third place.

Command and control servers, used to maintain vast botnet scourges, are active for about 30 days before being taken down by operators located all over the world or by local police authorities.

The Level 3 research paper says the US is a good place for command and control servers given its reliable network infrastructure and that connections to the country are not unusal for many western organisations.

"An average of 20 percent of the command and control servers we tracked were based in North America with a nearly equal amount launching from the Ukraine and Russia combined," the report [PDF ] says.

"Unusual communications to these countries should be automatic red flags for IT and security organisations.

"A review of whether servers should be communicating, authenticating or transferring data with endpoints in certain high-risk countries can be a predictor of potential threats to your environment or an indicator of a potential compromise."

The UK chalked up sixth spot while Australia with its vast empty spaces did not feature in the global report that tracked 1000 command and control servers during the first quarter this year.

Of the monitored botnets some 600 were targeting corporate environments.

"Left unchecked, these command and control servers have the potential to disrupt business and destroy critical information assets."

Level 3 describes for report readers some of the latest botnet threats including the SSHPsychos bot that at its peak accounted for 35 percent of all SSH traffic.

That bot was left battered after the company together with Cisco Talos sought to take it down and prevent its automated SSH brute-force attacks against Linux servers.

The company says gaming outfits and internet providers were the hardest hit by botnet distributed denial of service attacks many operating from booter services.

It recommends buisness investigate unusual communications between high-risk countries, double check port scanning attempts which may indicate more nefarious botnet attacks, and keep tabs on DDoS attack profiles. ®

comment icon Read 14 comments on this article or post a comment alert Send corrections

Opinion

Baby looks taken aback/shocked/affronted. Photo by Shutterstock

Kat Hall

Plans for 2 million FTTP connections in next four years 'not enough'
Microsoft CEO Satya Nadella
Stranded_ships

Chris Mellor

Thousands of layoffs announced as spinning rust enters its death spiral

Features

Locker room jocks photo via Shutterstock
Best locker-room strategy: Avoid emulating AWS directly
STRASBOURG, JUNE 29, 2016: The seat of the European Parliament. by Marco Aprile for shutterstock. EDITORIAL USE ONLY
Plan b, image via Shutterstock
EU workers, new markets: post-Brexit pressure on May & Co
Tough question, pic via Shutterstock