New Xindi ad Botnet Hitting Major Enterprises, Universities

By ISBuzz Team
Writer, Information Security Buzz | Nov 18, 2015 10:00 pm PST

Cyber security expert Branden Spikes of Spikes Security (the former tech lead of SpaceX, Tesla and PayPal) responds to today’s reports of a new ad fraud botnet now turned loose on enterprises and universities, which exploits the Amnesia bug in the OpenRTB 2.3 protocol.

Branden Spikes, CEO, CTO and Founder at Spikes Security:

“Traditional antivirus has become irrelevant in today’s cybersecurity industry. The digital advertising channel is the missing link to identifying new, emerging threats in cyber security. Until traditional anti-virus companies incorporate this channel, threats such as Xindi will continue to be overlooked.

“Xindi’s impressive list of victims is clear proof that common security measures used by advanced networks are not working. Only the latest security innovations provide a glimmer of hope, by isolating browsers into temporary VMs off the endpoint, quarantined like a pestilence they are quickly becoming.”

It’s estimated that Xindi will cost advertisers alone $3 billion by the end of 2016, and that it has infected 6-8 million machines. Several Fortune 500 companies and leading academic institutions are cited as being at critical or high risk. Ad fraud and cyber security breaches are viewed as two sides of the same coin: botnets created for a specific purpose (in the case of Xindi, defrauding the multi-billion dollar programmatic ad industry) are often mutated for man-in-the-middle attacks and other purposes.

About Spikes Security

Founded in 2012, Spikes Security is focused on delivering secure, scalable, high performance appliance and software solutions that empower businesses with the freedom to safely leverage the web without fear of cyber-attacks. Its flagship offering is a powerful web malware isolation system that prevents all browser-borne malware from entering corporate networks and infecting endpoints, including mobile devices, without requiring installation of any endpoint software.