Damballa (company)

From Wikipedia, the free encyclopedia

For the Vodou spirit, see Damballa.
Damballa
Type Corporation
Founded 2006
Founder Merrick Furst
Headquarters Atlanta, GA, United States of America
Key people Linowes, Steve; Lee, Wenke; Dagon, David
Industry Computer security
Products Botnet detection
Website http://www.damballa.com

Damballa is a computer security company devoted to disrupting botnets.[1][2] Damballa was founded in Atlanta, Georgia by Merrick Furst, an associate dean and botnet researcher in the Georgia Institute of Technology (Georgia Tech) College of Computing[3]; he was joined by two of Georgia Tech colleagues, Wenke Lee, and David Dagon.[4] It is named after Damballa, a Vodou snake god.[5] Two venture capital firms, Sigma Partners and Nora Mosely Partners, and angel investors Imlay Investments, provided it with a combined US$2.5 million in Series A[3] (initial) funding. Furst chose Steve Linowes as CEO soon after founding, with assistance[5] from Imlay Investments. According to its site, Damballa now seeks primarily ISP and corporate clients.[6] They also have had at least one federal agency as a customer.[5] Damballa says they have government customers because of infrastructure security concerns.[4]. In August 2007, Damballa secured $US6 million in Series B funding .[7]

Damballa is reluctant to provide information about itself or agree to interviews, because they say that weakens their ability to provide security. However, their general strategy has become clear. Damballa monitors Internet traffic from stations around the Internet in order to attempt to distinguish bot communication. It said that by April 2006, it had detected 13 million computers controlled by botnets.[5]

In early April 2008 Damballa found itself in conflict with several security vendors, some of whom claimed that Kraken is merely the long-known Bobax worm[1] [2] [3]. Other security vendors, such as ISS and McAfee, have issued releases labeling Kraken as new under the Damballa-created label. [4] [5] Damballa subsequently issued a technical response to these claims on its website [6] and spoke to the media regarding the events[7].

In addition, a Washington Post / Dark Reading write-up on RSA 2008 conference proceedings revealed the startup company was hijacking Kraken botnet control servers. [8] This technique, as Brian Krebs of the Washington Post indicates, represented research at the Georgia Tech Information Security Center (GTISC) pre-dating the company's existence as an entity. [9]

Additional controversy was created by anti-virus vendor responses to Damballa's claim that Kraken had gone undetected by 80% of computers with AV installed. Subsequent investigation shows that Damballa's claim of Kraken being undetected by over 80% of AV users is based on Gartner AV marketshare data and VirusTotal logs released by the Washington Post. Comparing AV marketshare data with vendor-specific detections shows that in December 2007, 86.4% of computers with AV software installed failed to detect Kraken malware. [10] [11] Related, SANS Internet Storm Center used VirusTotal logs to identify Kraken samples with detections as low as 5/32 AV tools. [12]

[edit] References

  1. ^ Markoff, John. "Attack of the Zombie Computers Is Growing Threat", The New York Times, 2007-01-07. Retrieved on 2007-01-07. 
  2. ^ Company. Damballa, Inc. Retrieved on 2007-01-07.
  3. ^ a b Startup Aims to Detect and Thwart Botnets. Nerd Twilight (2006-08-17). Retrieved on 2007-01-07.
  4. ^ a b Wilson, Tim (2006-08-15). Startup to Challenge Botnets. Dark Reading. Retrieved on 2007-01-07.
  5. ^ a b c d Rubner, Justin. "Tech spinoff gets $2.5M to go after 'zombies'", Atlanta Business Chronicle, April 7, 2006. Retrieved on 2007-01-07. 
  6. ^ Customers. Damballa, Inc. Retrieved on 2007-01-07.
  7. ^ "Internet Security Firm Lands $6M in New Financing", WRAL.com, 2007-08-29. Retrieved on 2007-09-01.