Battling the legions of

An insidious army of darkness is rampaging across the Internet and taking control of unsuspecting business and personal computers.

They’re ’bots — zombie foot soldiers that march relentlessly to the order of “bot-herding” generals. These ’bot masters use the Internet to build massive platoons of bot-networks (botnets), operating from a central command station to direct this malicious software into hundreds, thousands or even millions of notebooks, PCs and servers.

Have you been wondering how those incessant junk e-mails about penny stocks and “male enlargement” wonder drugs keep pouring into your home and business accounts from all sorts of different and anonymous sources? Blame ’bots and botnets. They provide the covert means for mass distribution of junk e-mail and all sorts of other unwanted spam.

But that’s the least of the damage they do. At their evil worst, botnets can be used to extract personal and business information from computing systems — things like user names and passwords, e-mail addresses and log-in information, or even dial-up network settings.

Cyber criminals use botnets to extort and destroy. Personal information can be remotely encrypted and unlocked by a bot-herder — for a price, of course. A business may suffer a denial of service attack or an entire computing and communication system might be brought down and held to ransom by botnet-controlling evil-doers.

A ’bot’s life begins as a software module that gets silently planted into an application on your computer system. Getting inside a computer is easy enough and happens through any number of innocent activities, such as instant messaging chats, opening e-mails or simply through surfing activities. Allysa Myers, a virus research engineer for security software company McAfee Inc., says you’re not likely to know when your system has been infected.

“These ’bots try to stay quiet and inconspicuous, if they can,” she says, explaining that many of today’s ’bots give no warnings or obvious signals as they install themselves on a system. Infestation can happen as a “drive-by download” simply by visiting a Web site, Ms. Myers adds.

Once in place, other ’bots gather and a botnet quickly spawns, instantly hatching a cancerous menace. Botnets are “modular,” meaning they tighten their grip of control by calling in other botnets that build upon one another with new functions and continually seek out and exploit vulnerabilities in applications or operating systems.

Botnets get entrenched by downloading more modules that further strengthen and conceal the infestation. Gradually the bot-herder gains greater function and, ultimately, complete system control. That’s when the real dirty work begins.

Now omnipotent, these software zombies relentlessly hunt for even more system weaknesses. The deeper they weave their way into the fabric of your computer, the tougher they are to detect and destroy.

A recently published book by Jim Binkley and Craig A. Schiller, entitled Botnets, describes them as “the killer Web app,” implying that the chaos they cause is destroying the world’s most important communication landscape.

Binkley and Schiller suggest botnets are an out-of-control threat and that the counter-offensive community of security professionals is being tasked beyond its capabilities to defend against the onslaught and is becoming demoralized.

To put the threat into greater context, the book cites research from Symantec Corp. from 2006 that says the security company observed “more than 4.5 million distinct, active ’bot-networked computers.”

Oliver Friedrichs, a director of emerging technologies for Symantec’s Security Response group, says his company observes 57,000 ’bot-infected computers each day.

He cites Internet founding father Vint Cerf’s estimate that 25 per cent of all computers connected to the Internet are infected by ’bots.

“I think that number is pretty high…but it shows the numbers are really across the board,” says Mr. Friedrichs. “There’s no way of knowing how many systems are infected at any given time.”

Should a business be concerned about ’bots and botnets?

How great a risk do they pose, particularly to a business that relies on the Internet to drive its processes?

Mr. Friedrichs says systems infected with malicious code are unpredictable — and ultimately unreliable. So even though it may appear ’bots are non-malicious, the potential for them to cause damage is definitely there, he says.

It’s not so much the damage done to your systems, but rather the damage your systems may be used to do to others.

“You must ask: do you want your business to be responsible for being the source of a generated attack on other businesses?” he says. “Are you doing what you need to, to protect other Internet systems? Do you want to be seen as a company that takes precautions to protect your systems?”

The experts agree that ’bots and botnets are smarter than ever and tougher to detect. Thanks to better security technology and more secure operating systems, the spread of ’bots as a result of drive-by downloads has been greatly diminished. Most of today’s ’bot infestations happen as a result of people doing things they shouldn’t.

It’s best to practice safe computing through the use of good anti-virus and firewall products and diligently installing the latest software updates and patches when these are available.

“Making sure you have updated OS and application software security patches — that significantly minimizes the risk,” Ms. Myers says.

You might also diligently apply the best computing practices, many of which are detailed in the Botnets book.

These include: deleting spam and never responding to it, never executing unknown e-mail attachments, surfing the Internet with what the experts use (browsers other than the frequently infected Internet Explorer) and being wary of downloading or executing any application from the Web.

And make sure your system’s auto-updates feature is active, to ensure you stay properly “patched.”
