Nexusguard Remind - Advanced Anti-tracking Botnet: An Evolving Trend of DDoS Attack

Share Article

A cyber threat report( says cloud computing has become an evolving platform for botnet-based attacks. By using a Domain Generation Algorithm, attackers are able to render themselves undetectable by security devices.

“End users should thus attempt to monitor their own traffic. They can also request the legal authorities to stop running suspicious C&C servers, ” said Frank Tse, Security Researcher of Nexusguard.

The newly published Georgia Tech Emerging Cyber Threats Report for 2013, prepared by Georgia Tech Information Security Center and Georgia Tech Research Institute, has highlighted cloud-based botnet as an evolving trend of DDoS attack in 2013. With the use of Domain Generation Algorithms, attackers are able to operate undetected by command-and-control (C&C) servers in cloud.

“The main purpose of DGA is to make botnet server tracking more difficult by using random domain names for rendezvous points, as these names are randomly generated or even don’t exist. When launching an attack, attackers register a new domain as per DGA rules, allowing the botnet to connect with it and starting remote commands from C&C servers,” said Frank Tse, Security Researcher of Nexusguard.

“The commands can be effectively designated at specific dates and times. When security firms try to trace the attack, the attackers would have already terminated the connection of botnet and C&C server. Even if they security firms manage to effectively trace the domain, the domain itself is in random or even doesn’t exist.” Frank added. “This enhance the difficulties of engaging in filtering, as doing so may impact legitimate customers with domains on the 'randomly generated' list”

“End users should thus attempt to monitor their own traffic and terminate all malicious traffic to C&C servers. They can also request the legal authorities to stop running suspicious C&C servers, ” Frank said.

Donny Chong, the Head of Marketing and Channel at Nexusguard, said that China remains the single largest source of botnet. “This is largely due to its weak Internet security policy and the abundance of Trojans infected freeware floating around the Internet. It doesn’t help that Botnets are freely traded and sold in forums and discussion boards, under the pretense of stress testing services.”

“This scenario proves to be a problem for businesses trying to capitalize on the growing consumer market in China, with businesses forced to deal with hundred of thousands of seemingly legit users attacking their system at any one time.”

“Other sources of attacks includes datacenter attacks originating from Korea, whereby datacenter infrastructure and controls are paradoxically abundant and lacking at the same time, as in the cases of Russia, Japan, The United States of America, and various South American States,” shared Donny.

Due to their uniqueness and the difficulty of combating them, Botnets will continue to be a choice weapon in the arsenal of attackers. Trojans developers and insertion specialists have a high motivation to capture and increase their hold on botnets as a commodity; this trend will continue to grow in countries where Internet security policies are still developing. As a premium provider of cutting-edge web solutions, Nexusguard understands the evolving threat of botnets, and is always ready to combat botnet-based DDoS attacks. For more details please visit

About Nexusguard
Nexusguard, incorporated in 2008, is a premium provider of end-to-end, in-the-cloud Internet Security Solutions. Nexusguard delivers solutions over the internet to ensure that our clients enjoy uninterrupted web-service delivery to their users, by protecting them against the ever-increasing and evolving multitude of internet threats, particularly Denial-of-Service (DDoS) attacks, and other attacks directed at web application software.


Share article on social media or email:

View article via:

Pdf Print

Contact Author

Ivy Wu
Visit website