Post Mon Oct 16, 2006 4:44 pm

Is the Botnet Battle Already Lost?

Cool article by Ryan Naraine of eWeek:

It's dress-down Friday at Sunbelt Software's Clearwater, Fla., headquarters. In a bland cubicle on the 12th floor, Eric Sites stares at the screen of a "dirty box," a Microsoft Windows machine infected with the self-replicating Wootbot network worm.

Within seconds, there is a significant spike in CPU usage as the infected computer starts scanning the network, looking for vulnerable hosts.

In a cubicle across the hall, Patrick Jordan's unpatched test machine is hit by the worm, prompting a chuckle from the veteran spyware researcher.

Almost simultaneously, the contaminated machine connects to an IRC (Internet Relay Chat) server and joins a channel to receive commands, which resemble strings of gibberish, from an unknown attacker.

"Welcome to the world of botnets," said Sites, vice president of research and development at Sunbelt, a company that sells anti-spam and anti-spyware software.

"Basically, this machine is now owned by a criminal. It's now sitting there in the channel, saying 'I'm here, ready to accept commands,'" Sites explained.

A botnet is a collection of broadband-enabled PCs, hijacked during virus and worm attacks and seeded with software that connects back to a server to receive communications from a remote attacker. And these botnets are everywhere.

According to statistics released by Symantec, an average of 57,000 active bots was observed per day over the first six months of 2006.

During that period, the anti-virus vendor discovered a whopping 4.7 million distinct computers being actively used in botnets to spit out spam, launch DoS (denial of service) attacks, install malware or log keystrokes for identity theft.

Botnets filled—and easily replenished—with compromised Windows have emerged as the key hub for well-organized crime rings around the globe, using stolen bandwidth from drone zombies to make money from nefarious Internet activity, according to security experts tracking the threat.

From adware and spyware installations to spam runs and phishing attacks, CPU cycles from botnets drive a billion-dollar underground business that thrives on lax computer security and uses "money mules" to ship physical items around the world.


For full story:
http://www.eweek.com/article2/0,1895,20 ... 01606EP15A

Don
CISSP, MCSE, CSTA, Security+ SME