BotNets have become a critical problem that must be addressed. They have evolved to the point where evidence suggests they are now targeting and affected cell phones. A BotNet is a collection of compromised computers that have been infected with software that allows the computer to be controlled remotely by the BotMaster. Each computer represents a node on the BotNet that is often referred to as a zombie.
Last year the Georgia Tech Information Security Center (GTISC) reported that 10 percent of online computers were part of BotNets. This year GTISC researchers estimate that BotNet affected machines may comprise 15 percent of online computers– a fifty percent growth in one year. Based on that number, there are 34 million computers in the United States that have been compromised and are now part of a BotNet. According to the CIA World Fact Book, there are about 1.5 billion internet users. When you factor in multiple devices per user and shared computers we estimate there are about 1.3 billion user devices connected to the Internet currently. Using the GTISC 15 percent compromise factor that translates to an estimated 195 million bots. According to one report some 150,000 computers become infected every day and join the millions of zombies that make up the BotNets.
This is not just thrown together software. The software used to establish Bots and control BotNets has now risen to professional status. Multiple automated propagation vectors are used to spread various payloads that include worms, viruses and Trojans that allow remote control of the infected computer. Another alarming trend is the use of rootkits. The malicious code that turns the PC into a Bot is being hidden in a rootkit and this is making it exceptionally difficult to defend against, detect and eradicate the Botware. These compromised computers are under the total control of a BotMaster and form a BotNet that can be tasked with bombarding a web site with so much traffic it crashes. That is what is known as a distributed denial of service attack (DDoS). Two relatively new trends have emerged. Malware writers have begun to offer malicious software as a service to those who control BotNets and BotMasters are selling the services of the BotNets they control on a traffic generated by their BotNet basis. BotNets that are specifically created for DDoS attacks can be leased with costs ranging from $50 to $2,500 depending on the capacity used and the length of the attack. International law enforcement and militaries around the world are aware of and concerned about the widespread availability of cyber mercenary or BotHerders (those who operate and sell BotNet capacity), and the fact that they have been hired by countries to do espionage and other dirty deeds.
It has now been recognized that unprotected computers pose a threat to every other computer or device connected to the Internet. One industry leader I spoke with that did not want to be identified said,“It is just a matter of time until laws are passed that mandate computer security software and updates on every computer that uses the Internet.” That was not the first time I have heard that comment and the frequency of that topic arising in conversation is significantly increasing. What do you think, should there be mandatory computer security capabilities installed and updated in every computer and device connected to the Internet?
INTEL: Armenia recently accused neighbor Azerbaijan of buying BotNets to cripple Armenian access to the Internet.
INTEL: According to a report from Kaspersky Labs, BotNets, not spam, viruses, or worms, currently pose the biggest computer security threat.
INTEL: One research study found that some of the largest BotNets are comprised of corporate machines.
INTEL: On average it takes corporations nearly three months to apply a Windows patch across all devices. That means malware and BotNets continue to take advantage of known vulnerabilities within enterprise environments during that unpatched period.
INTEL: Researchers predict that by 2012 there will be approximately 17 billion devices connected to the internet.
INTEL: BotNet growth is also the main driver of spam. Spam now equates to 92% of all email. Spam grows roughly 33% each month that means Spam increases by over 117 billion emails every day.
INTEL: According to the security firm Network Box, the number of viruses sent over email has increased by 300 per cent in the last three months.
{ 10 comments… read them below or add one }
Botnets have been around for over a half decade, and nothing said in this article or of recent development is new, unexpected, or unprecedented. Technolytics is looking for some new security contracts.
Why anyone would connect a mission critical system to the internet cloud is beyond me. The risk described in this article is created by lazy IT technicians allowing a known flawed and poorly understood operating system to manage their network traffic. Lease a dedicated line for goodness sake.
If computer security programs were mandatory by law, then I think Brian is on the right track.
I get bugged by relatives enough to “fix my anti-virus program” because an update didn’t go right. God forbid that an intrusion detection/ security system be added to the mix…
If it is mandated by law, then I believe that the Internet Service Providers (ISP) be tasked with the additional security responsibility. Make it hardware based and installed on their routers.
It would need to be hardware based for speed, but flashable for updates. Being hardware based, its code would be more protected against manipulation by malicious individuals.
Also, being at the ISP end, it would free the end users from another “Windows Update” program, and less tech support calls from relatives… :)
“Botnets have been around for over a half decade, and nothing said in this article or of recent development is new, unexpected, or unprecedented. Technolytics is looking for some new security contracts.”
Thank you, I was just about to post something similar. Unfortunately people who don’t even know how email works will pass bills spending hundreds of millions on “cyber security”.
Out military uses the best defense against botnets, its not on the same network, not even connected at all. There are public facing military networks but they are isolated from the regular network. The problems here relies in insecure public networks.
There are no effective defenses against large botnet networks when they reside on your netowrk. Filtering only works to a point but concentrated attacks against a relatively few nodes that makeup the internets core nodes by a relatively few number of bots would effectively shut down the internet.
Maybe off topic? The attorney Mario Apuzo has stated in a complaint that they attacking his site and from what I understand google is in cohorts with them and it seems the group is international here is a link.http://puzo1.blogspot.com/2009/07/censorship-by-google-and-blogspot.html. Then my protection was switched off. second time. just info
The fact of the matter is the appropriate measures to minimize botnet attacks have been implemented by the big tech companies for years. They are secure enough so that disruption goes unnoticed. Alternatively, government agencies do not operate under the same paradigm. They have annual budgets dictated by tiers of bureaucracy that limit the size and scope of IT modernization efforts. These efforts are disjointed amongst departments and agencies and breed an inconsistency in policy & implementation. Now we have a huge assortment of IDIQ & SETA contracts for specialized IT security because the government is incapable of doing it themselves, qed the government lacks an IT department.
Kevin calm down, don’t get your panties in a bunch. I’m sure you will never have a problem getting people in a big frothing lather over “cyber crimes”. It will go the way of the Y2K freakfest though.
Markus
Based on your comments, you are uninformed about what has taken place. I have been involved in cyber attacks and defense for since the mid 90s and you really need to listen and open you mind. While Kevin has done an ok job presenting what happens in public, the real concern is the classified attacks that are not made public. I am sure those influence his comments. This is a for non-classified data and I can assure you the classified side is much more of a target and sees more advanced attacks and use of BotNets.
“What do you think, should there be mandatory computer security capabilities installed and updated in every computer and device connected to the Internet?”
No. However, I do agree that the Internet’s wild west phase may be drawing to a close, and that as stated elsewhere in the comments, the ISP’s of the world should (perhaps by mandate) take a more active role in securing the net. Most end user’s just want to use the web for e-mail, shopping, surfing and banking and bill paying. They just want the thing to WORK, like their toaster and television work. See one of the world’s 140 million blogs for more on this: someblackthoughts.com