Posted by Virus Bulletin on Sep 26, 2006
Botnet-spotting system watches for bad DNS behaviour.
Trend Micro has launched a new service, entitled InterCloud Security Service (ICSS), to look out for bot infestations within networks.
The system uses DNS-level behavioural analysis to spot bot-infected computers reaching out to talk to their herders. Once infections are detected, machines can be cut off from the network to prevent spreading while cleaning is initiated, including the option of using Trend's HouseCall remote scanner. The service is primarily aimed at ISPs and other large network systems.
A similar service, entitled ZombieAlert and launched last year by Sophos, uses data from spam traps to spot zombie-like behaviour, and alerts subscribers to the flow of dodgy data leaking from their networks.
Trend's press release is here, and more technical info on the InterCloud system is here.
Posted on 26 September 2006 by Virus Bulletin
