Sunday, February 11, 2007

The Threat of Botnets

On the internet, 2006 was the year of the botnet.

What is a botnet? Think of it as something like a virus, but not exactly one. A botnet is a network of infected computers that can be controlled by a master computer. Such computers are compromised by malicious code. The malicious code, or malware, reaches computers through various means such as email attachments, spam emails, video downloads and music downloads. Vulnerable computers are the first to be targeted: a computer without the latest upgrades, patches and anti-virus software is an easy victim. Once infected, the owner usually has no way of knowing that the machine is compromised. It is said that around 20% of all computers in the USA are infected. Such infected computers are called zombies or bots. They serve the interests of the vested few who control them. Once inside a PC, the installed malicious files do whatever they are programmed to do, and they typically add entries to the Windows registry (the Run keys, for example) so that they are started again every time the machine boots.
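As an added example (written for this page, not code from the original post), here is a small Python check for the registry persistence just described: it parses the text of a `reg export` of the HKCU Run key and flags entries that launch from user-writable directories such as %TEMP%, which is where malware dropped by a mail attachment or a download usually lives. The export text, the user name "alice" and the entry "WinUpdate" pointing at "svch0st.exe" are constructed for the example; the two other entries are ordinary vendor autoruns.

```python
r"""Hunt for bot-style persistence in an exported Windows Run key.

The export text below is constructed for this example (not data from the
original post).  On a real machine you would produce it with
    reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" run.reg
and pass the file contents to check_autoruns().
"""
import re

# Constructed sample: two ordinary vendor entries plus one bot-style entry
# (invented name "WinUpdate", invented file "svch0st.exe") started from %TEMP%.
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""
"ctfmon"="C:\\Windows\\System32\\ctfmon.exe"
"WinUpdate"="C:\\Users\\alice\\AppData\\Local\\Temp\\svch0st.exe -s"
'''

# Directories legitimate software almost never autoruns from, but dropped
# malware almost always does.  A hit means "review this", not "this is malware".
USER_WRITABLE_DIRS = (
    "\\appdata\\local\\temp\\",
    "\\local settings\\temp\\",   # Windows XP profile layout
    "\\windows\\temp\\",
    "\\users\\public\\",
    "\\appdata\\roaming\\",
)

VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"$')


def parse_run_key(export_text):
    """Return {value name: command line} for the string values in a .reg export."""
    entries = {}
    for line in export_text.splitlines():
        m = VALUE_RE.match(line.strip())
        if not m:
            continue  # header line, [key] line or blank line
        # .reg files escape a double quote as \" and a backslash as \\
        data = m.group("data").replace('\\"', '"').replace("\\\\", "\\")
        entries[m.group("name")] = data
    return entries


def executable_path(command):
    """Return the program part of a Run-key command line, quoted or not."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def is_suspicious(command):
    """True if the program lives under one of the user-writable directories."""
    path = executable_path(command).lower()
    return any(marker in path for marker in USER_WRITABLE_DIRS)


def check_autoruns(export_text):
    """Names of Run-key values whose program lives in a user-writable directory."""
    return sorted(name for name, cmd in parse_run_key(export_text).items()
                  if is_suspicious(cmd))


if __name__ == "__main__":
    entries = parse_run_key(SAMPLE_REG_EXPORT)
    for name in check_autoruns(SAMPLE_REG_EXPORT):
        print(f"review this autorun: {name} -> {entries[name]}")
```

The same idea applies to the HKLM Run and RunOnce keys and the Startup folder; the point is that a bot has to start itself after a reboot, and the places it can do that from are few and easy to list.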

Here are some of the dangerous ways in which botnets can be used:

Recording keystroke information, or keylogging - With a keylogger it is very easy for an attacker to capture sensitive information such as passwords and card numbers as they are typed on the infected machine. This is how secret data gets stolen.

Illegal pay-per-click advertising & Browser Helper Objects - Well-known companies like Google and Yahoo run pay-per-click advertisements. Botnets can be used to generate fraudulent clicks on them, and a Browser Helper Object planted in the victim's Internet Explorer can redirect or inject advertisements, all for financial gain.

Spamming - The zombie machines can be used for nefarious tasks such as spamming. With a botnet of thousands of bots, an attacker is able to send massive amounts of bulk email (spam), and because the mail leaves from the victims' machines the spammer stays anonymous.

Abuse of Google AdSense - AdSense lets website owners display Google advertisements on their own sites and earn money per click. An attacker can abuse this program by having his botnet click on the advertisements on his own site in an automated fashion, artificially inflating the click counter and the payout.

Manipulating online polls - Since every bot has a distinct IP address, every vote it casts carries the same credibility as a vote from a real person, so one operator can cast thousands of apparently independent votes. Online games can be manipulated in a similar way.

Identity theft - The controller of a botnet can harvest a great deal of personal information from the bots. Such data can then be used to build fake identities, which in turn give access to personal accounts or let the attacker perform various operations with the blame falling on the victim. The controller himself never appears to be the one doing the theft.

Phishing email - Here is an example of a Barclays phishing scam email sent out using botnet techniques. See also this BBC news report.
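The click-fraud and poll-stuffing items above share one defensive lesson, so here is one added Python example (written for this page, not code from the original post) that covers both. It builds a constructed ad-click log with a few organic clicks and a 40-zombie click run, then shows that a per-IP rate limit sees nothing, because each bot clicks once from its own address, while a cadence check catches the run, because the bots all run the same code and so share a user-agent string and click at a fixed interval. The IP addresses, user-agent strings, ad id and thresholds are all made up for the example.

```python
"""Spot botnet click fraud (or poll stuffing) in a constructed click log.

Each zombie clicks once from its own IP address, so the usual per-IP rate
limit sees nothing unusual.  What the bots cannot hide is what they share:
they all run the same code, so they present the same user-agent string and
click with a machine-regular cadence.  Log lines, IPs and the ad id are all
constructed for this example.  Line format:
    <iso timestamp> <client ip> <ad id> <user agent>
"""
from collections import defaultdict
from datetime import datetime, timedelta
import statistics


def constructed_log():
    """Four organic clicks plus one 40-bot click run, all on the same ad."""
    t0 = datetime(2007, 2, 11, 10, 0, 0)
    lines = []
    organic = [  # (seconds after t0, ip, user agent): varied browsers, irregular timing
        (0, "198.51.100.7", "Mozilla/5.0 (Windows; U; Windows NT 5.1) Firefox/2.0.0.1"),
        (37, "203.0.113.80", "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"),
        (141, "192.0.2.19", "Opera/9.10 (Windows NT 5.1; U)"),
        (250, "198.51.100.44", "Mozilla/5.0 (Windows; U; Windows NT 5.1) Firefox/2.0.0.1"),
    ]
    for offset, ip, ua in organic:
        lines.append(f"{(t0 + timedelta(seconds=offset)).isoformat()} {ip} ad-42 {ua}")
    # Botnet run: 40 zombies, one click each, exactly 3 s apart, identical user agent.
    bot_ua = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
    for i in range(40):
        ip = f"10.{i % 7}.{i % 11}.{i + 1}"  # 40 distinct (constructed) addresses
        lines.append(f"{(t0 + timedelta(seconds=5 + 3 * i)).isoformat()} {ip} ad-42 {bot_ua}")
    return lines


def parse(line):
    """Split one log line into (datetime, ip, ad id, user agent)."""
    ts, ip, ad, ua = line.split(" ", 3)
    return datetime.fromisoformat(ts), ip, ad, ua


def per_ip_rate_check(lines, max_clicks_per_ip=3):
    """Classic defence: flag any IP that clicks more than max_clicks_per_ip times."""
    counts = defaultdict(int)
    for _, ip, _, _ in map(parse, lines):
        counts[ip] += 1
    return sorted(ip for ip, n in counts.items() if n > max_clicks_per_ip)


def cadence_check(lines, min_clicks=10, max_cv=0.2):
    """Group clicks by (ad, user agent) and flag groups with many clicks whose
    inter-arrival times are too regular for humans (coefficient of variation
    of the gaps <= max_cv).  Returns {(ad, ua): distinct IP count} for flagged groups."""
    groups = defaultdict(list)
    for ts, ip, ad, ua in map(parse, lines):
        groups[(ad, ua)].append((ts, ip))
    flagged = {}
    for key, hits in groups.items():
        if len(hits) < min_clicks:
            continue
        hits.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(hits, hits[1:])]
        mean = statistics.mean(gaps)
        cv = statistics.pstdev(gaps) / mean if mean else 0.0  # mean 0: all in one second
        if cv <= max_cv:
            flagged[key] = len({ip for _, ip in hits})
    return flagged


if __name__ == "__main__":
    log = constructed_log()
    print("per-IP rate limit flagged:", per_ip_rate_check(log) or "nothing")
    for (ad, ua), n in cadence_check(log).items():
        print(f"cadence check flagged {ad}: {n} distinct IPs, one user agent: {ua}")
```

A real operator would randomise the delay and the user-agent string, so in practice one would also look at shared traits that are harder to fake (clicks with no page view before them, identical referrer and screen size, clicks that all arrive within a few seconds of a new bot command), but the principle is the same: correlate across the bots rather than counting per IP.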

Computers on an ADSL always-on connection are at greater risk since they are connected to the net all the time. When protective software such as up-to-date anti-virus software and a proper firewall is not used, such computers are exposed. Botnet operators are intelligent criminals who are well ahead in their thinking and operate as well-organized crime groups. The botnet controller is often not the one who wrote the code; these people work in groups with remarkable coordination. They often work through fake bank accounts and keep changing location, with no permanent base. It is very difficult to catch a botnet controller, and very few of these crimes are even brought to notice.

It is wise to run anti-spyware and the latest anti-virus software and to protect your PC in every way possible. Keep your system updated by downloading patches and updates for both the OS and for every application that accesses the web. Use the automatic updates option to download regularly from Microsoft. Have a firewall. Try to minimize or disable active content such as ActiveX controls and JavaScript in the browser. Protection is also needed at the ISP level, which is not in an individual's hands. There is every chance that the PC you are working on right now is serving someone else's interests without your knowledge. In a nutshell: a botnet-infected computer is not owned by its owner but by someone else.
