Infographic: Anatomy of an Online Attack
Many of today's serious attacks involve botnets, collections of infected computers that are controlled remotely by cyber-criminals. When a computer is attacked, these bots usually follow a pattern, from the initial infection to the loading of additional threats that lead to identity theft, unknowingly sending spam, or participating in denial of service (DoS) attacks.
The infographic below illustrates an actual scenario. Initially, the computer is infected with Palevo, the main controlling bot that periodically checks in with its controller for instructions. Then the Zeus Banking Trojan attempts to steal online banking credentials from the victim. Later, the bot is rented out to a spammer and Lethic is loaded. Lethic checks in with its controller for instructions on what email to send and who to send it to.
Unfortunately, even with up-to-date security software, the victim may not realize until days later that they have been attacked. The Kindsight service can detect these infections by identifying the network communications between the bot and the controller, and alerting the user that they are infected.
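The periodic check-in and the network-based detection described above can be illustrated from the defender's side with a small flow-log check. This is an added example, not Kindsight's detection method or anything taken from the infographic. It assumes check-ins arrive at roughly regular intervals; the flow records, addresses and thresholds are constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (epoch seconds, internal host, destination, port).
# Addresses use documentation ranges; none come from the infographic.
FLOWS = (
    # Host .23 contacts one destination about every 300 s with small jitter.
    [(1000 + 300 * i + j, "192.0.2.23", "203.0.113.7", 8080)
     for i, j in enumerate([0, 4, -3, 2, 5, -1, 0, 3])]
    # The same host browsing normally: bursts and long, irregular gaps.
    + [(t, "192.0.2.23", "198.51.100.10", 443)
       for t in (1010, 1025, 1900, 1910, 2600, 3950, 3960, 3999)]
    # Another host with too few connections to judge.
    + [(t, "192.0.2.40", "203.0.113.7", 8080) for t in (1200, 2900)]
)

def find_beacons(flows, min_events=6, max_cv=0.1, min_period=30):
    """Return (host, dest, port, mean_period_s, cv) for near-periodic pairs.

    cv is the coefficient of variation of the gaps between connections:
    a low value means the host calls the destination on a steady timer.
    """
    times = defaultdict(list)
    for ts, host, dest, port in flows:
        times[(host, dest, port)].append(ts)

    hits = []
    for key, stamps in times.items():
        if len(stamps) < min_events:        # not enough samples to judge
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        period = mean(gaps)
        if period < min_period:             # ignore rapid bursts of traffic
            continue
        cv = pstdev(gaps) / period
        if cv <= max_cv:
            hits.append((*key, round(period), round(cv, 3)))
    return sorted(hits)

if __name__ == "__main__":
    for host, dest, port, period, cv in find_beacons(FLOWS):
        print(f"{host} -> {dest}:{port} every ~{period}s (cv={cv})")
```

Regular timing alone is not proof of infection, since software updaters and monitoring agents also poll on a schedule, so a hit is a lead to investigate rather than a verdict.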