=3Dwh
Securing Against BotNets
By Kevin Coleman
August 3, 2009 07:05 AM
BotNets have become a critical problem that must be addressed. They
have evolved to the point where evidence suggests they are now
targeting and affected cell phones. A BotNet is a collection of
compromised computers that have been infected with software that
allows the computer to be controlled remotely by the BotMaster. Each
computer represents a node on the BotNet that is often referred to as
a zombie.
Last year the Georgia Tech Information Security Center (GTISC)
reported that 10 percent of online computers were part of
BotNets. This year GTISC researchers estimate that BotNet affected
machines may comprise 15 percent of online computers- a fifty percent
growth in one year. Based on that number, there are 34 million
computers in the United States that have been compromised and are now
part of a BotNet. According to the CIA World Fact Book, there are
about 1.5 billion internet users. When you factor in multiple devices
per user and shared computers we estimate there are about 1.3 billion
user devices connected to the Internet currently. Using the GTISC 15
percent compromise factor that translates to an estimated 195 million
bots. According to one report some 150,000 computers become infected
every day and join the millions of zombies that make up the BotNets.
This is not just thrown together software. The software used to
establish Bots and control BotNets has now risen to professional
status. Multiple automated propagation vectors are used to spread
various payloads that include worms, viruses and Trojans that allow
remote control of the infected computer. Another alarming trend is the
use of rootkits. The malicious code that turns the PC into a Bot is
being hidden in a rootkit and this is making it exceptionally
difficult to defend against, detect and eradicate the Botware. These
compromised computers are under the total control of a BotMaster and
form a BotNet that can be tasked with bombarding a web site with so
much traffic it crashes. That is what is known as a distributed denial
of service attack (DDoS). Two relatively new trends have
emerged. Malware writers have begun to offer malicious software as a
service to those who control BotNets and BotMasters are selling the
services of the BotNets they control on a traffic generated by their
BotNet basis. BotNets that are specifically created for DDoS attacks
can be leased with costs ranging from $50 to $2,500 depending on the
capacity used and the length of the attack. International law
enforcement and militaries around the world are aware of and concerned
about the widespread availability of cyber mercenary or BotHerders
(those who operate and sell BotNet capacity), and the fact that they
have been hired by countries to do espionage and other dirty deeds.
It has now been recognized that unprotected computers pose a threat to
every other computer or device connected to the Internet. One industry
leader I spoke with that did not want to be identified said,"It is
just a matter of time until laws are passed that mandate computer
security software and updates on every computer that uses the
Internet." That was not the first time I have heard that comment and
the frequency of that topic arising in conversation is significantly
increasing. What do you think, should there be mandatory computer
security capabilities installed and updated in every computer and
device connected to the Internet?
INTEL: Armenia recently accused neighbor Azerbaijan of buying BotNets
to cripple Armenian access to the Internet.
INTEL: According to a report from Kaspersky Labs, BotNets, not spam,
viruses, or worms, currently pose the biggest computer security
threat.
INTEL: One research study found that some of the largest BotNets are
comprised of corporate machines.
INTEL: On average it takes corporations nearly three months to apply a
Windows patch across all devices. That means malware and BotNets
continue to take advantage of known vulnerabilities within enterprise
environments during that unpatched period.
INTEL: Researchers predict that by 2012 there will be approximately 17
billion devices connected to the internet.
INTEL: BotNet growth is also the main driver of spam. Spam now equates
to 92% of all email. Spam grows roughly 33% each month that means Spam
increases by over 117 billion emails every day.
INTEL: According to the security firm Network Box, the number of
viruses sent over email has increased by 300 per cent in the last
three months.