Botnet C&C Participation is a Corporate Data Breach
Gunter Ollmann writes on the Damballa "The Day Before Zero" Blog:
There are a lot of misconceptions within the IT industry when it comes to botnets and their criminal operators, but perhaps the most significant is the assumption that bot agents and their participation within a botnet is just a permutation of the malware threat.
Looking purely at the bot agent from a malware perspective really misses the point. Sure, from a feature/functionality perspective their evolutionary trails are clear to all who bother to look. However, membership within a botnet isn’t a linear scalar in a risk calculation – it fundamentally changes the risk to an enterprise and, even more importantly, has a regulatory impact.
While malware can be treated as an inconvenience, a host infected with a bot agent is technically a compromised asset. If the bot agent has successfully registered itself as a member of a botnet and its C&C is functioning, the enterprise network has been breached.
Let me restate that more succinctly – host membership within a botnet is a corporate data breach.