Saturday, December 18, 2010

Botnet Attacks

Networks of compromised computers controlled by a central server, better known as botnets, are the preferred tools for online criminals.

Hackers can use these co-opted systems to churn out spam, host malicious code, hide their tracks on the Internet, or flood a corporate network to cut off its access to the Web.

Whenever a new botnet appears, researchers race to reverse engineer the software it installs on a victim's machine, and to decode the way each bot communicates with the controlling server. Because these communications are often encrypted, such analyses can take weeks or months.

Launching botnet attacks is easy, and the tooling is readily available to individuals either for free or for a license fee paid to a criminal group. For instance, a hacker group known as UpLevel developed Zeus, a point-and-click program for creating and controlling a botnet.

The latest version of this software, which can be downloaded for free and requires very little technical skill to operate, is one of the most popular botnet platforms for spammers, fraudsters, and people who deal in stolen personal information.

Some of the best known recent botnets are BredoLab with 30 million infections, Mariposa with 12 million infections, Conficker with over 10 million infections and Zeus with over 3 million infections. There are hundreds of others, often minor variations of widely deployed botnets that are rapidly re-launched under new names.

A botnet's originator (aka "bot herder" or "bot master") can control a group of bots remotely, thereby magnifying the severity of an attack. There are numerous techniques for defending against bot attacks or preventing a bot from being implanted in the first place. Almost all of them depend on how rapidly a bot infection is detected, identified and then contained.
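Because bot-to-controller traffic is usually encrypted, fast detection often relies on behaviour rather than payload: a bot checks in with its controller on a timer, while a human browses at irregular intervals. The script below is an added example (not code from the original post or from any botnet research cited in it) that scores each source/destination pair in a proxy log by the regularity of its connection intervals and flags the metronome-like ones. The log format, host names, IP addresses and thresholds are assumptions made up for illustration.

```python
"""Beacon detector: flag hosts that contact the same destination at
suspiciously regular intervals, a common trait of bot-to-C2 check-ins.

Added example, not code from the original post. The log format, hosts
and thresholds below are assumptions chosen for illustration.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log, one "ISO-timestamp src-ip dst-host" per line.
# 10.0.0.7 contacts cdn-update.example roughly every 60 s (bot-like);
# 10.0.0.9 visits a mix of sites at irregular times (user-like).
SAMPLE_LOG = """\
2010-12-18T09:00:00 10.0.0.7 cdn-update.example
2010-12-18T09:00:04 10.0.0.9 news.example
2010-12-18T09:01:01 10.0.0.7 cdn-update.example
2010-12-18T09:01:37 10.0.0.9 mail.example
2010-12-18T09:02:00 10.0.0.7 cdn-update.example
2010-12-18T09:02:59 10.0.0.7 cdn-update.example
2010-12-18T09:03:12 10.0.0.9 news.example
2010-12-18T09:04:01 10.0.0.7 cdn-update.example
2010-12-18T09:05:00 10.0.0.7 cdn-update.example
2010-12-18T09:09:45 10.0.0.9 news.example
2010-12-18T09:10:02 10.0.0.9 mail.example
2010-12-18T09:15:30 10.0.0.9 news.example
"""


def parse_log(text):
    """Group connection timestamps by (src, dst), sorted by time."""
    conns = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst = line.split()
        conns[(src, dst)].append(datetime.fromisoformat(ts))
    for key in conns:
        conns[key].sort()
    return conns


def intervals(timestamps):
    """Seconds between consecutive connections."""
    return [(b - a).total_seconds() for a, b in zip(timestamps, timestamps[1:])]


def beacon_score(timestamps):
    """Coefficient of variation (stddev / mean) of the inter-connection gaps.

    Values near 0 mean clockwork-regular check-ins. Returns None when
    there are too few connections to judge, or when all timestamps
    coincide (mean gap of zero).
    """
    if len(timestamps) < 3:
        return None
    gaps = intervals(timestamps)
    avg = mean(gaps)
    if avg == 0:
        return None
    return pstdev(gaps) / avg


def find_beacons(text, min_connections=5, max_cv=0.2):
    """Return [(src, dst, mean_interval_seconds)] for pairs that beacon.

    A pair is reported only once it has at least min_connections events
    and its interval regularity is at or below max_cv.
    """
    hits = []
    for (src, dst), times in parse_log(text).items():
        if len(times) < min_connections:
            continue
        cv = beacon_score(times)
        if cv is not None and cv <= max_cv:
            hits.append((src, dst, round(mean(intervals(times)))))
    return hits


if __name__ == "__main__":
    for src, dst, period in find_beacons(SAMPLE_LOG):
        print(f"possible beacon: {src} -> {dst} every ~{period}s")
```

On the sample log this reports only `10.0.0.7 -> cdn-update.example` with a period of about 60 seconds; the user's browsing never reaches the threshold. Two caveats a practitioner will want: legitimate software (update checkers, mail clients, NTP) beacons too, so the output is a lead for triage rather than a verdict, and a bot that adds random jitter to its sleep interval will push its coefficient of variation above any fixed cut-off, which is why this kind of timing analysis is best combined with destination reputation and volume-based checks.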

From the standpoint of DoD, a substantial reduction of the "attack surface", for example by replacing "fat" clients that run a full local software stack, will reduce the number of computers on which a bot can be implanted.