Has your PC been assimilated by a botnet collective?


5 August 2005

According to recently published research by the Honeynet Project (an international internet security monitoring organisation), millions of PCs worldwide are being probed, on a daily basis, for vulnerabilities that enable them to be recruited into botnets. A ‘botnet’ is a collection of internet-connected machines that have been deliberately compromised by a hacker, in order to be remotely controlled.

The vast majority of botnets are made up of Windows-based PCs, where exploitable security vulnerabilities are used to gain control, allowing hackers to recruit your computer as a ‘zombie’. On the surface, the computer appears to be functioning normally, but may actually be used to take part in a massively distributed, coordinated Internet-borne attack. Machines targeted for recruitment can include everything from granny’s broadband-connected PC through to a large corporate network.

 

So why are botnets such a threat to us? A single hacker, using internet relay chat technology, can centrally command and control thousands of desktops in order to launch a variety of very disruptive attacks against any system connected to the Internet. Typical attack scenarios include distributed denial of service (DDOS) attacks, email spamming, malware distribution and identity theft.
 

Internet infrastructure

In the past few years, the availability of key parts of the internet infrastructure (root naming servers, Google search engine, etc) has been disrupted through a concerted DDOS attack, instigated by one or more botnets. The costs incurred by the affected businesses can run into millions on a daily basis.

“Phishing” scams are another characteristic of botnets that have been widely reported recently. Thirty million ‘phishing’ attempts and 1.2 billion junk e-mails were distributed in early 2005. This means your compromised desktop could be used to host a popular bank’s ‘cloned’ web site to harvest customer personal banking information. Several hundred of these counterfeit web sites could be simultaneously active such that when one is taken off-line another assumes control. Some instances of these web sites have been found that aim to capture your data going back and forward to the genuine site, in order to harvest your personal identity information, giving the appearance that you are connected directly to a valid secured web site. Afterwards, the botnet controller instructs the collecting zombies to report back with relevant collected personal data to be sold on to third parties.

So how could botnets affect you? Other than experiencing a slow down on your Internet connectivity, you are likely to be oblivious to what a hacker is actually doing with your PC. Personal data such as previously purchased software license codes may be harvested and then traded through online chat rooms. Your PC and broadband connection could also be used to send out large volumes of unsolicited junk email or host a ‘cloned website’, which can put you in trouble with your internet service provider.

 

Reduce risk

So what can Irish businesses do to reduce the risk posed by botnets? In technology terms, any online Windows machine must have both up-to-date anti-virus and anti-spyware software installed. Although not foolproof, the aim of this software is to keep out 99 per cent of the malware that tries to infect our desktops and servers. Central management of this threat is vitally important so that the system administrator can see, in real-time, the security ‘health’ of their geographically dispersed computer systems and take action where necessary. Of equal importance is the need to ensure that the systems are up-to-date in terms of security patches, regularly published by the various platform vendors. An improperly patched Internet-connected PC can be compromised by a botnet in as little as a few minutes.

Unfortunately, a significant proportion of recruited botnet machines tend to be home PCs. People often purchase a PC and plug it into the internet as if it were a new TV, without a second thought given to the aforementioned security risks. Increasing user awareness of the dangers is vital to keeping their important data safe. Users should exercise caution when opening unrecognised e-mail attachments and avoid responding to unsolicited e-mails, especially those requesting personal information.

The internet should not be used unless an adequate firewall and automatic security updates are enabled by default. Additionally, installing freely downloadable software without checking the associated “End User License Agreement” should be avoided. This can lead to spyware being installed, as is often found with peer-to-peer file sharing software. Regular backups of important local data should also be carried out, as more and more destructive viruses are deployed to the internet.

Complacency in carrying out these basic measures can easily lead to your machine being compromised. Whether PC users are at home or in the office, they need to be fully aware of their actions and the associated consequences. With over 4,000 variants of just one particular type of botnet malware detected in the past six months, the problem is growing fast. As always, with the correct security tools and user awareness in place, vulnerability to this menace can be minimised.

 

Poker face – DDOS in action!

A good example of a denial of service attack directly having an effect on a business is that of an offshore company that hosted an online poker gaming web site. A well organised group of players based out of an Eastern European country would play large hands of around $5,000 in the online game. If they realised that they were going to lose the hand they would launch a denial of service attack on the web server. This would cause the server to reset itself and wipe the slate clean for the players. This resulted in the players only completing hands where they were likely to win, thereby causing the other players and the online gaming web site to lose money.

                                    Courtesy of Colm Murphy, technical director, Espion.
