BotNets and Zombies

What is a Botnet?

It is a network of hijacked machines connected to the Internet. The machines often become infected by specially designed virus programs (malware) or are compromised through some other security exploit (hack). These hijacked/infected machines are referred to as "zombies", so a zombie is a node on a botnet. Botnets are also called drone armies.

Botnets can be used for many different tasks: sending spam, spreading viruses, hosting phishing sites, launching denial of service attacks, and serving as platforms for network intrusions. In days gone by, computer time and computer storage space were expensive and hard to come by. It was common for hackers to "steal" processor time or disk space. However, now that computers are cheap and easy to get, botnets generally have much more sinister applications.

Most real spam likely comes from infected PCs. This is why email header tracing has become an ineffective method for fighting spam. Following the path an email has traveled will only lead you to a victim's PC. Not only that, it is a crap-shoot when it comes to ISP response. We have documented cases where it has taken weeks of constant reporting and complaints for an ISP to shut down an infected PC. In the meantime, the infected PCs have sent out millions of junk emails.

Because the Internet grows every day, and because of the lack of standards and user knowledge, the threat of botnets will continue to increase. The problem has also expanded because cheap high-speed connections mean users leave their home PCs on and connected for extended and unsupervised periods.

For home users we always recommend:
For corporate users we always recommend:
To take action, educate yourself with the articles below and check out the Independent System Operator Task Force (isotf.org). They issue alerts and reports and have an interface for reporting botnets. You can see in their reports that it is common for an ISP to have hundreds of intrusions per month, and many have huge percentages of cases that go unresolved for extended periods.

Recent (02.14.07)

A virus has been spreading recently that was specifically designed to launch a denial of service attack against anti-spam websites. So far CastleCops has been one of the biggest victims, but spamhaus and SpamCop have also been targeted. This tactic is not new (there was a similar event in 2003 with the Mimail worm), but it is becoming more severe.

Storm Worm DDoS Attack (secureworks.com)
Botnet with reference to SANS (isc.sans.org)
Imperfect Storm aids spammers (securityfocus.com)

Articles

Fraudsters Declare War on Anti-Scam Services (computerworld.com.au)
Software vulnerabilities spiked 39 percent in 2006 (computerworld.com.au)
Malware Attacks Getting Much Worse (crm-daily.com)
Internet guru warns of botnet pandemic (zdnet.co.uk)
Net pioneer predicts overwhelming botnet surge (zdnetindia.com)
What Is A Bot? (netsecurity.about.com)
Is your computer part of a criminal network? (theglobeandmail.com)
Are hackers using your PC to spew spam and steal? (usatoday.com)
What good are 1,000 remote-controlled PCs? (cnet.com)
Is your computer a “zombie”? You could lose your email access if it is! (crt.net.au)
THE CASE OF THE “ZOMBIE KING” (fbi.gov)
Quicky Analysis of a Proxy/Zombie Network (lowkeysoft.com)
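
The point made earlier about email header tracing, as an added example that is not part of the original article: it walks a message's Received headers and returns the last address a receiving server actually observed, which for botnet spam is the infected PC rather than the spammer. The sample message, its addresses (documentation ranges) and the TRUSTED_NETS value are constructed assumptions.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample. The lowest Received line is the kind of header a spam
# tool writes itself before the infected PC hands the message over.
SAMPLE = """\
Received: from mx1.example.net (mx1.example.net [192.0.2.10])
\tby mailstore.example.net with ESMTP id A1; Wed, 14 Feb 2007 10:00:03 -0500
Received: from dsl-host.example.org (unknown [203.0.113.77])
\tby mx1.example.net with SMTP id B2; Wed, 14 Feb 2007 10:00:01 -0500
Received: from mail.bank.example (mail.bank.example [198.51.100.5])
\tby relay.bank.example with ESMTP id C3; Wed, 14 Feb 2007 09:59:00 -0500
From: "Support" <support@bank.example>
Subject: constructed sample

body
"""

TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # assumed: our own mail servers
IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def received_hops(raw):
    """Return the peer IP recorded in each Received header, newest first."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        match = IP_IN_BRACKETS.search(value)
        if match:
            hops.append(ipaddress.ip_address(match.group(1)))
    return hops


def last_verifiable_sender(raw):
    """Return (ip, unverifiable_ips).

    Each server prepends its header, so the top lines were written by our own
    servers. The first peer outside TRUSTED_NETS is the machine that connected
    to us; every header below it came from that machine and may be forged.
    """
    hops = received_hops(raw)
    for index, ip in enumerate(hops):
        if not any(ip in net for net in TRUSTED_NETS):
            return ip, [str(h) for h in hops[index + 1:]]
    return None, []
```

On the sample, the trace ends at the DSL host that connected to the receiving server; the bank relay listed beneath it cannot be verified.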