SOURCE: Blue Coat Systems, Inc.

Blue Coat Systems, Inc.

September 28, 2011 07:45 ET

Blue Coat WebPulse Collaborative Defense Proactively Protects 75 Million Users From Latest Attack by Shnakule Malnet

SUNNYVALE, CA--(Marketwire - Sep 28, 2011) - Blue Coat Systems, Inc. (NASDAQ: BCSI), a leading provider of Web security and WAN optimization solutions, today announced that the Blue Coat® WebPulse™ collaborative defense proactively protected its 75 million users from the latest attack launched by Shnakule, the largest malware network (malnet) on the Internet. Blue Coat Security Labs has been tracking the Shnakule infrastructure, which enabled WebPulse to dynamically identify the new threat. This same technique can proactively block future attacks from Shnakule and other malnets.

In the attack, first reported by Armorize Technologies, MySQL.com, a legitimate Web site, was hacked and serving malicious JavaScript that created an invisible iframe. The iframe enabled a drive-by download attack that was hosted on servers external to the MySQL.com site.

The attack utilized not only sites that are known to be part of the Shnakule malnet but new exploit and payload servers as well. The attack host was one of many malicious sites on a server that WebPulse had already categorized and blocked as a malware host, proactively protecting users from the attack that launched three days later. In the five days that the server has been in use, Blue Coat Security Labs has identified 81 different malware sites on this server.

"As noteworthy as this attack was, it is simply another traffic driver for a well-established malnet, providing further evidence that cyber criminals do not suddenly appear out of the woodwork to launch high profile attacks," said Dr. Tim van der Horst, senior malware researcher at Blue Coat Systems. "The Shnakule infrastructure runs 24/7 and launches new attacks in an effort to infect new victims. WebPulse tracks malnet infrastructures to protect its users independently of the traffic-driving method du jour."

Nearly 400,000 people visit MySQL.com per day, which provides cybercriminals with a high profile, potentially lucrative target. Among the pages targeted by the iframe injection were several pages documenting database administration, so a successfully executed attack could deliver malware designed to locate additional database credentials and locations on the victim's system. Such information would give the cybercriminal access to a wealth of potentially sensitive information and the ability to compromise additional systems.

The Shnakule network averages around 2,000 unique host names per day with as many as 5,708 in a single day. On an average day, the WebPulse service logs more than 21,000 requests into that malnet. Shnakule has traditionally been active with fake anti-virus attacks conducted via search engine poisoning, but has lately expanded into new types of attacks. In July, the malnet launched a malvertising attack. Blue Coat logged 15,000 user requests related to that attack.

The WebPulse collaborative defense provides proactive protection against new malware attacks for 75 million users worldwide. Through WebPulse, Blue Coat Security Labs tracks more than 500 malnets and blocks access to the infrastructure that is used to serve new attacks.

About Blue Coat Systems
Blue Coat Systems is a leading provider of Web security and WAN optimization solutions. Blue Coat offers solutions that provide the visibility, acceleration and security required to optimize and secure the flow of information to any user, on any network, anywhere. This application intelligence enables enterprises to tightly align network investments with business requirements, speed decision making and secure business applications for long-term competitive advantage. Blue Coat also offers service provider solutions for managed security and WAN optimization, as well as carrier-grade caching solutions to save on bandwidth and enhance the end-user Web experience. For additional information, please visit www.bluecoat.com.

Blue Coat, WebPulse and the Blue Coat logo are registered trademarks or trademarks of Blue Coat Systems, Inc. and/or its affiliates in the United States and certain other countries. All other trademarks mentioned in this document are the property of their respective owners.

Contact Information