According to an alert released by Symantec on Thursday, the unnamed bot can gather information from infected hosts and make detection and removal difficult. It can harvest e-mail addresses, capture screens, terminate anti-virus software, and modify the local HOSTS file to prevent DNS queries for selected domains.
"There's really not much difference between a bot and a worm," said Huger. "The only real difference is that a bot won't break into an internal network. On outward-facing systems, there is no difference. Getting broken into is getting broken into."
The bot is widespread and active, said Huger, who pointed out that the compromised honeypots use unpublished IP addresses and domains, so they can be found only through extensive scanning of the Internet.
"The attacker is scanning several hundred thousand addresses at a time looking for systems to break into," said Huger. "That's how they found our honeypots."
This attack is a good example, he said, of how bots, and the vast networks of compromised machines that they control, often fly under the radar of not only the public and the media, but even security vendors.
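The HOSTS-file tampering described in the alert can be checked for on a suspect machine. The following is an added example, not code from Symantec or the original article: it audits hosts-file text for entries that pin watched domains to loopback or another address, bypassing DNS. The watched suffixes, the benign-name list, and the sample file are constructed assumptions.

```python
import ipaddress

# Assumption: names a stock hosts file maps to loopback.
BENIGN = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}
# Assumption: constructed placeholder suffixes for security/update domains.
WATCHED = ("av-vendor.example", "updates.example")

# Constructed sample hosts file (not taken from the alert).
SAMPLE = """\
# sample
127.0.0.1   localhost
::1         localhost ip6-localhost
127.0.0.1   liveupdate.av-vendor.example
0.0.0.0     www.av-vendor.example download.updates.example  # two names
10.0.0.5    intranet.corp.example
127.0.0.1   ads.tracker.example
203.0.113.7 av-vendor.example
"""

def parse_hosts(text):
    """Yield (line number, ip, hostname) for each mapping in hosts-file text."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address: not a mapping
        for name in fields[1:]:
            yield lineno, ip, name.lower().rstrip(".")

def audit_hosts(text, watched=WATCHED):
    """Return (line, hostname, ip, verdict) for entries that override DNS suspiciously."""
    findings = []
    for lineno, ip, name in parse_hosts(text):
        if name in BENIGN:
            continue
        sinkholed = ip.is_loopback or ip.is_unspecified
        if any(name == w or name.endswith("." + w) for w in watched):
            verdict = "blocked" if sinkholed else "redirected"
        elif sinkholed:
            verdict = "review"  # could be ad blocking, could be tampering
        else:
            continue  # ordinary static mapping
        findings.append((lineno, name, str(ip), verdict))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(finding)
```

A "blocked" or "redirected" verdict on a security or update domain is the pattern to escalate; "review" entries need context, since ad-blocking hosts files also sinkhole names.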