Securing Against BotNets



BotNets have become a critical problem that must be addressed. They have evolved to the point where evidence suggests they are now targeting and affected cell phones. A BotNet is a collection of compromised computers that have been infected with software that allows the computer to be controlled remotely by the BotMaster. Each computer represents a node on the BotNet that is often referred to as a zombie.

Last year the Georgia Tech Information Security Center (GTISC) reported that 10 percent of online computers were part of BotNets. This year GTISC researchers estimate that BotNet affected machines may comprise 15 percent of online computers- a fifty percent growth in one year. Based on that number, there are 34 million computers in the United States that have been compromised and are now part of a BotNet. According to the CIA World Fact Book, there are about 1.5 billion internet users. When you factor in multiple devices per user and shared computers we estimate there are about 1.3 billion user devices connected to the Internet currently. Using the GTISC 15 percent compromise factor that translates to an estimated 195 million bots. According to one report some 150,000 computers become infected every day and join the millions of zombies that make up the BotNets.

This is not just thrown together software. The software used to establish Bots and control BotNets has now risen to professional status. Multiple automated propagation vectors are used to spread various payloads that include worms, viruses and Trojans that allow remote control of the infected computer. Another alarming trend is the use of rootkits. The malicious code that turns the PC into a Bot is being hidden in a rootkit and this is making it exceptionally difficult to defend against, detect and eradicate the Botware. These compromised computers are under the total control of a BotMaster and form a BotNet that can be tasked with bombarding a web site with so much traffic it crashes. That is what is known as a distributed denial of service attack (DDoS). Two relatively new trends have emerged. Malware writers have begun to offer malicious software as a service to those who control BotNets and BotMasters are selling the services of the BotNets they control on a traffic generated by their BotNet basis. BotNets that are specifically created for DDoS attacks can be leased with costs ranging from $50 to $2,500 depending on the capacity used and the length of the attack. International law enforcement and militaries around the world are aware of and concerned about the widespread availability of cyber mercenary or BotHerders (those who operate and sell BotNet capacity), and the fact that they have been hired by countries to do espionage and other dirty deeds.

It has now been recognized that unprotected computers pose a threat to every other computer or device connected to the Internet. One industry leader I spoke with that did not want to be identified said,"It is just a matter of time until laws are passed that mandate computer security software and updates on every computer that uses the Internet." That was not the first time I have heard that comment and the frequency of that topic arising in conversation is significantly increasing. What do you think, should there be mandatory computer security capabilities installed and updated in every computer and device connected to the Internet?

INTEL: Armenia recently accused neighbor Azerbaijan of buying BotNets to cripple Armenian access to the Internet.

INTEL: According to a report from Kaspersky Labs, BotNets, not spam, viruses, or worms, currently pose the biggest computer security threat.

INTEL: One research study found that some of the largest BotNets are comprised of corporate machines.INTEL: On average it takes corporations nearly three months to apply a Windows patch across all devices. That means malware and BotNets continue to take advantage of known vulnerabilities within enterprise environments during that unpatched period.

INTEL: Researchers predict that by 2012 there will be approximately 17 billion devices connected to the internet.

INTEL: BotNet growth is also the main driver of spam. Spam now equates to 92% of all email. Spam grows roughly 33% each month that means Spam increases by over 117 billion emails every day.

INTEL: According to the security firm Network Box, the number of viruses sent over email has increased by 300 per cent in the last three months.

-- Kevin Coleman

Show Full Article

Related Topics