about problem called botnet

Vorless DarkChaos

I heard about this in one of my computer magazines

so I looked it up on the internet

Botnets have become a force to be reckoned with in the world of cybercrime. Since the rise of botnets as a real security threat, researchers have been seeking ways to fend off attacks which are led by the zombie systems. And according to Microsoft, the problem is only going to get worse before it gets better.

In terms of security, a botnet can be defined as a group of compromised PCs running malicious software that can be remotely controlled by a "bot herder". These systems are behind several types of cybercrime such as spam, phishing, click fraud, trojans, and worms. A recent botnet worm, called "Big Yellow", scanned networks for systems running Symantec Client Security or Symantec AntiVirus Corporate Edition and then exploited a vulnerability in the software so that it could compromise the PC.

Aaron Kornblum, an attorney on Microsoft's Internet Safety Enforcement team, said that botnets have become the primary tool for hardcore cyber criminals. "Botnets are really where it's at for serious cyber criminals, because of their concentrated power. That power can be used for all sorts of malicious conduct on the Internet," he said.

In particular, phishing scams have grown in abundance even with most major browsers now incorporating some type of protection. In the past, phishing scams have focused on major financial institutions, but that focus has gradually changed over the last two years. According to Kornblum, "They're moving away from the top banking brands like Citibank... and they're moving down to mid-level and smaller-market financial institutions like credit unions and community banks, which may not have done as much consumer education."

Right now, it doesn't appear that botnets and the problems they create will go away any time soon. In the first six months of 2006, Symantec reported that there were 4.5 million botnets on the Internet, and McAfee claims that botnets have compromised 12 million PCs worldwide. In total, botnets account for 22 percent of all malware—compare that to 19 percent in 2004.

Even with security vendors and browser makers coming up with solutions to fight botnets, the zombies just won't die. Can you foresee this problem ever going away?



Bringing Botnets Out of the Shadows

Online Volunteers Monitor Illegal Computer Networks

By Brian Krebs

washingtonpost.com Staff Writer

Tuesday, March 21, 2006; 9:39 AM

Nicholas Albright's first foray into some of the darkest alleys of the Internet came in November 2004, shortly after his father committed suicide. About a month following his father's death, Albright discovered that online criminals had broken into his dad's personal computer and programmed it to serve as part of a worldwide, distributed network for storing pirated software and movies.

Albright managed to get the network shuttered with a call to the company providing the Internet access the criminals were using to control it. From that day forward, Albright poured all of his free time and pent-up anger over his father's death into assembling "Shadowserver," a group of individuals dedicated to battling large, remote-controlled herds of hacked personal PCs, also known as "botnets."

Now 27, Albright supports his wife and two children as a dispatcher for a health care company just outside of Boulder, Colo. When he is not busy fielding calls, Albright is chatting online with fellow Shadowserver members, trading intelligence on the most active and elusive botnets. Each "bot" is a computer on which the controlling hacker has installed specialized software that allows him to commandeer many of its functions. Hackers use bots to further their online schemes or as collection points for users' personal and financial information.

"I take my [handheld computer] everywhere so I can keep tabs on the botnets when I'm not at home," Albright said in a recent online chat with a washingtonpost.com reporter. "I spend at least 16 hours a day monitoring and updating."

On a Sunday afternoon in late February, Albright was lurking in an online channel that a bot herder uses to control a network of more than 1,400 hacked computers running Microsoft Windows software. The hacker controlling this botnet was seeding infected machines with "keyloggers," programs that can record whatever the victim types into online login screens or other data-entry forms.

Albright had already intercepted and dissected a copy of the computer worm that the attacker uses to seize control of computers -- an operation that yielded the user name and password the hacker uses to run the control channel. By pretending to be just another freshly hacked bot reporting for duty, Albright passively monitors what the hackers are doing with their botnets and collects information that an Internet service provider would need to get the channel shut down.

Albright spied one infected PC reporting data about the online activities of its oblivious owner -- from the detailed information flowing across the wire, it was clear that one of the infected computers belongs to a physician in Michigan.

"The botnet is running a keylogger, and I see patient data," Albright said. The mere fact that the doctor's PC was infected with a keylogger is a violation of the Health Insurance Portability and Accountability Act (HIPAA), which requires physicians to take specific security precautions to protect the integrity and confidentiality of patient data. "The police need to be notified ASAP to get that machine off the network."

A little more than an hour and a few phone calls later, the doctor's Internet service provider had disconnected the infected PC from its network and alerted the physician. Albright sent an e-mail to the FBI including all the evidence he collected about the attack, but he wasn't terribly sanguine that the feds would do anything with it.

"Anything you submit to law enforcement may help later if an investigation occurs," he said. "Chances are, though, it will just be filed away in a database."

A Spreading Menace




Botnets are the workhorses of most online criminal enterprises today, allowing hackers to ply their trade anonymously -- sending spam, sowing infected PCs with adware from companies that pay for each installation, or hosting fraudulent e-commerce and banking Web sites.

As the profit motive for creating botnets has grown, so has the number of bot-infected PCs. David Dagon, a Ph.D. student at Georgia Tech who has spent several years charting the global spread of botnets, estimates that in the 13-month period ending in January, more than 13 million PCs around the world were infected with malicious code that turned them into bots.



08/03/07 06:10
