Blue Coat Protects Users from Latest Attack by Shnakule Malnet
The Blue Coat WebPulse collaborative defense has proactively protected its 75 million users from the latest attack launched by Shnakule, the largest malware network (malnet) on the Internet. Blue Coat Security Labs has been tracking the Shnakule infrastructure, which enabled WebPulse to dynamically identify the new threat. This same technique can proactively block future attacks from Shnakule and other malnets.
The attack utilized not only sites that are known to be part of the Shnakule malnet but new exploit and payload servers as well. The attack host was one of many malicious sites on a server that WebPulse had already categorized and blocked as a malware host, proactively protecting users from the attack that launched three days later. In the five days that the server has been in use, Blue Coat Security Labs has identified 81 different malware sites on this server.
Dr. Tim van der Horst, senior malware researcher, Blue Coat Systems said, "The Shnakule infrastructure runs 24/7 and launches new attacks in an effort to infect new victims. WebPulse tracks malnet infrastructures to protect its users independently of the traffic-driving method du jour."
Shnakule has traditionally been active with fake anti-virus attacks conducted via search engine poisoning, but has lately expanded into new types of attacks. In July, the malnet launched a malvertising attack. Blue Coat logged 15,000 user requests related to that attack.
Through WebPulse, Blue Coat Security Labs tracks more than 500 malnets and blocks access to the infrastructure that is used to serve new attacks.