EXCLUSIVE INTERVIEW
FireEye CEO Ashar Aziz: Battling the Zombie Hordes

The company announced its new Botwall appliance, linked to a worldwide intelligence network coupled to local botnet analysis designed to thwart attacks.

FireEye plans to spearhead a new industry alliance bent on cooperation to protect consumers, service providers and corporate networks against botnet-driven attacks, CEO Ashar Aziz told TechNewsWorld.

150 Million and Counting

Experts estimate there are as many as 150 million bot-infected computers around the world and warn that the number of bot-compromised computers is rapidly growing. Botnets are made up of infected computers, also known as "zombies," that form a network of remotely controlled computers used at will by crime groups to perform a variety of illegal activities.

These organizations, which control computers without the owners' knowledge, function much like a puppeteer controls a puppet with strings. The illegal activities range from stealing users' identities and confidential information like bank account numbers and passwords to sending out massive amounts of spam e-mail. They also can conduct DOS (denial of service) attacks, phishing attacks and other illegal activities.

TechNewsWorld discussed FireEye's technology and the current state of the global botnet pandemic with Aziz.

TechNewsWorld: What is driving the worldwide pandemic of botnet takeovers?

Ashar Aziz: When the idea of taking over computers began in 2004, when we started FireEye, Slammer and other quickly spreading infections were little more than toys that made the players notorious. But there was a potential for a much more sophisticated attack model. This year that model materialized with far more serious malicious results orchestrated by criminal networks. Now bot masters, those who control the compromised computers, are driven by greed and money.

TechNewsWorld: How has the security industry reacted to the growth of malicious botnets?

Aziz: For the most part, the industry developed new versions of the techniques it already was using to fight virus and Trojan infections. Meanwhile, the malicious code writers developed new attack methods and innovative ways to avoid detection by virus scanners. For example, bot code writers learned to lay low and go slow on the machines they infected. Thus, traditional scanning engines couldn't see them. Ultimately, it became increasingly apparent that the old techniques do not work in defending against botnets.

TechNewsWorld: How many technologies exist today for fighting bots? Is it a one-size-fits-all mentality or are there effective new defensive measures and eradication methods available?

Aziz: We're seeing the industry in general responding the same way. Antivirus vendors doubled their efforts with the two methodologies that existed for fighting viruses. One is the signature-based approach. But bots can change a few bits in a signature so the signature is no longer valid. The other is behavior-based techniques. Bots can take evasive action to avoid detection.

TechNewsWorld: What specific threats do botnet attacks pose?

Aziz: Bots are progressed and now can follow many attack types. One of the earliest was the denial of service attack. The goal was to extort money from a company to forestall disclosure of the data thefts. That was a very primitive model. Authorities could trace the money trail.

TechNewsWorld: So bot attacks have become more malicious?

Aziz: Clearly yes. Spam bots command thousands of compromised computers and consume tremendous amounts of bandwidth. Bot masters now lease to the bad guys the legions of compromised computers and corporate networks they command. And the bots can install keylogging programs that steal user identifications and passwords to financial accounts and sensitive corporate data. There is a very large black market that feeds a multi-billion dollar market today.

TechNewsWorld: What other types of threats do botnets pose today?

Aziz: Botnets command a huge arsenal of automated clicking activity on e-commerce Web sites. This type of automated click fraud has replaced the human operators paid to repeated click on ad links. Bots are much faster than humans at clicking. This type of fraud is generating from 10 to 20 percent of all clicks on the Internet and is costing virtual merchants and Web advertisers thousands of dollars paid to the crime gangs.

TechNewsWorld: What do you see as the most dangerous attacks by botnets?

Aziz: Botnets can target corporate networks to steal sensitive data and cripple the economic structure. Botnet attacks aimed at corporations are much more effective general phishing attacks to gain ID thefts. It's like fishing in a barrel of water instead of the ocean.

TechNewsWorld: Do you see any political ramifications involving botnets?

Aziz: This is perhaps the most dangerous of all botnet threats. Consider what political factions did against the Estonian government. Estonia's computer infrastructure was taken down completely by a collection of bot networks compromised around the globe over a political dispute. This kind of potential national destruction is one of our most pressing threats.

TechNewsWorld: How does FireEye hope to bolster the defenses against the botnet pandemic?

Aziz: We can't fault the existing vendors. Detecting bot infections is a very tough technological problem. It is hard to make more than incremental enhancements in existing technology. It takes a startup company to be able to engineer a solution from the ground up. ISPs are waiting for a new solution. The large ISPs have invested lots of money providing free antivirus protection for their subscribers. The ISPs are waiting for a better solution.

TechNewsWorld: What makes FireEye's approach different than other security appliances and existing antivirus programs on the market?

Aziz: The botnet pandemic is affecting all corners of the globe. What the industry needs is cooperation among governments, consumers, vendors and corporations. We are trying to seed such an alliance and are working to create industry-wide cooperation. We already have agreements with numerous ISPs and large corporations that I can not disclose at this time. We are hoping to work with all security vendors to enable the development of a new ecosystem that will protect consumers and businesses alike.

TechNewsWorld: How will this new approach work?

Aziz: Our technology connects a hardware device within a network and is able to react to the global intelligence-gathering appliances we installed on networks of cooperating companies. Our analysis will enable us to track botnet changes in real time and share that information. We can then inject the bot malware into our virtual victim machines and identify the activity in a sandbox environment with a high degree of precision. This will allow us to block and remove the malware infections.