Nine things about botnets that will scare your pants off

IT Best Practices Alert By Linda Musthaler, Network World
July 30, 2009 01:33 PM ET

Network World recently published a couple of articles about botnets that raised my interest in the subject. First there was Ellen Messmer's article, "The botnet world is booming." It was followed by her next article, "America's 10 most wanted botnets." Together these articles paint a dire picture of botnets taking over PCs -- the ones on corporate networks as well as the ones we use at home.

I wondered just how deep and wide the botnet problem goes. What I learned with just a little bit of research is enough to make you want to return to the days of stand-alone computing. The reality is worse than most people suspect. Let me share nine known things about botnets that will scare your pants off. At the very least, perhaps this article will prompt you to step up your effort to keep your corporate PCs off the illicit botnets.

1. The process of developing software that creates and controls botnets has reached a professional level. Forget script kiddies out for kicks; these developers are in it to make a lot of money. The techniques they use to build malware and command-and-control software are as sophisticated as those of any commercial software company. What's more, this underground development community is very cooperative, almost like a legitimate open source community: software is packaged and sold or passed around, and developers add their "personal touches" to create many variants of the malware. Finjan reports that the Golden Cash network, operated by cybercriminals, provides both an exploit toolkit and an attack toolkit for distributing malware.

2. Once a PC is on a botnet, the use of that PC can be bought and sold many times. For example, the Golden Cash network is a vast botnet exchange. Cyberthieves purchase malware-infected PCs from anyone in the underground market, and then bundle them and resell them to criminals who want to rent the use of a botnet. This provides a great incentive for criminals to create even larger botnets.

3. Botnets use multiple automated propagation vectors to spread, including spam, worms, viruses and drive-by download attacks. For instance, legitimate Web sites are often compromised by injecting HTML tags (typically a hidden iframe or a script tag) that make a visitor's browser silently fetch JavaScript from a server the attacker controls. That code probes the browser and its plug-ins and launches a series of exploits against the unsuspecting PC. If any of the exploits succeeds, the PC becomes the next zombie on the botnet, and the attacker collects new nodes for his illicit network without ever touching them directly.
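To make that injection concrete, here is an added example (my own code, not from the article or from any of the reports it cites) that scans a page's HTML for the kind of tags described above: script, iframe, object and embed elements whose source is off-site, points at a raw IP address, or is a zero-sized or hidden iframe. The page it scans is a constructed sample; the IP addresses in it are documentation ranges rather than real attacker servers, and the host name example.com is an assumption.

```python
"""Flag HTML tags of the kind injected into compromised sites for drive-by downloads."""
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlparse

LOADER_TAGS = ("script", "iframe", "object", "embed")


def _host_of(url):
    """Host part of a URL, lower-cased; '' for relative or unparsable URLs."""
    try:
        return (urlparse(url).hostname or "").lower()
    except ValueError:
        return ""


def _is_raw_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


class InjectedTagScanner(HTMLParser):
    """Collects (tag, src, reasons) for tags that look injected rather than authored."""

    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in LOADER_TAGS:
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        src = a.get("src") or a.get("data") or ""
        host = _host_of(src)
        reasons = []
        # Loading code from a host other than the site (or its subdomains) is the
        # first thing to look at; a bare IP instead of a name is a second hint.
        if host and host != self.site_host and not host.endswith("." + self.site_host):
            reasons.append("off-site source")
        if host and _is_raw_ip(host):
            reasons.append("raw IP host")
        if tag == "iframe" and self._hidden(a):
            reasons.append("hidden iframe")
        if reasons:
            self.findings.append((tag, src, reasons))

    @staticmethod
    def _hidden(a):
        """Zero/one-pixel or CSS-hidden iframes have no legitimate reason to exist."""
        style = a.get("style", "").replace(" ", "").lower()
        tiny = any(a.get(dim, "").strip().lower().rstrip("px") in ("0", "1")
                   for dim in ("width", "height"))
        return tiny or "display:none" in style or "visibility:hidden" in style


def scan_html(html, site_host):
    """Parse html and return findings; site_host is the host the page legitimately lives on."""
    scanner = InjectedTagScanner(site_host)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample page: a legitimate site with two injected tags appended to it.
# 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges, not real attacker hosts.
SAMPLE_PAGE = """<html><head><title>Acme Widgets</title>
<script src="/js/site.js"></script>
<script src="https://cdn.example.com/jquery.js"></script>
</head><body>
<h1>Welcome</h1>
<iframe src="http://203.0.113.7/in.cgi?3" width="0" height="0" style="visibility:hidden"></iframe>
<script src="http://198.51.100.9/x.js"></script>
</body></html>"""

if __name__ == "__main__":
    for tag, src, reasons in scan_html(SAMPLE_PAGE, "example.com"):
        print("%-6s %-35s %s" % (tag, src, ", ".join(reasons)))
```

Run it against a saved copy of a page you suspect, with site_host set to the host the page legitimately lives on. Off-site scripts are not all malicious (ad networks and CDNs load the same way), so treat the output as a triage list, and pair it with a comparison of the site's files against a clean copy, since real injections are usually obfuscated as well as hidden.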

4. The malware that turns the PC into a bot can hide as a rootkit, making it exceptionally hard to detect and eradicate. The Torpig botnet, as an example, implants Mebroot on the victim PC. Mebroot is a rootkit that overwrites the boot code in the disk's Master Boot Record, the first sector the BIOS executes at power-on. Because that code runs before the operating system loads, the rootkit sits underneath Windows and underneath any security software that relies on Windows to read the disk, and the PC is under the attacker's control from the first instruction it executes.
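One practical check for this class of rootkit is to compare the boot code in the disk's first sector against a known-good copy. The following is an added example (my own code, not from the article, and not derived from Mebroot or Torpig) that parses a 512-byte MBR image, verifies the 0x55AA signature, hashes the bootstrap code and lists the partition table. The two images it checks are constructed samples: the "tampered" one keeps the partition table intact and changes only the boot code, which is what a bootkit must do so the machine still boots normally. The baseline hash is assumed to have been recorded from a clean machine, and the sample boot-code bytes are stand-ins, not real malware.

```python
"""Check a 512-byte Master Boot Record image for bootkit-style tampering.

Layout assumed (classic PC / Windows MBR):
  bytes   0..439  bootstrap code executed by the BIOS
  bytes 440..445  disk signature + reserved (varies per machine, so excluded from the hash)
  bytes 446..509  four 16-byte partition table entries
  bytes 510..511  boot signature 0x55 0xAA
"""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_END = 440
PART_TABLE_OFF = 446
BOOT_SIG = b"\x55\xaa"


def parse_partitions(mbr):
    """Return the non-empty partition entries as dicts."""
    entries = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, type_id, lba_start, sectors = struct.unpack_from("<B3xB3xII", mbr, off)
        if type_id == 0:
            continue
        entries.append({"index": i, "bootable": status == 0x80, "type": type_id,
                        "lba_start": lba_start, "sectors": sectors})
    return entries


def boot_code_hash(mbr):
    """SHA-256 of the bootstrap code only; the partition table may change legitimately."""
    return hashlib.sha256(mbr[:BOOT_CODE_END]).hexdigest()


def check_mbr(mbr, baseline_sha256):
    """Return a list of findings; an empty list means the MBR matches the baseline."""
    findings = []
    if len(mbr) != MBR_SIZE:
        return ["unexpected MBR length %d" % len(mbr)]
    if mbr[510:512] != BOOT_SIG:
        findings.append("boot signature 0x55AA missing")
    digest = boot_code_hash(mbr)
    if digest != baseline_sha256:
        findings.append("bootstrap code differs from baseline (sha256 %s...)" % digest[:16])
    bootable = [p for p in parse_partitions(mbr) if p["bootable"]]
    if len(bootable) != 1:
        findings.append("%d partitions marked bootable, expected 1" % len(bootable))
    return findings


def build_sample_mbr(boot_code):
    """Constructed sample: given boot code, one bootable NTFS partition, 0x55AA."""
    body = boot_code.ljust(BOOT_CODE_END, b"\x00")
    body += b"\x12\x34\x56\x78\x00\x00"          # disk signature + reserved
    body += struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff", 2048, 204800)
    body += b"\x00" * 48                          # three empty entries
    body += BOOT_SIG
    assert len(body) == MBR_SIZE
    return body


# Constructed samples. CLEAN_BOOT_CODE mimics the opening of a standard MBR
# loader; TAMPERED_BOOT_CODE stands in for a bootkit's replacement loader.
CLEAN_BOOT_CODE = bytes.fromhex("33c08ed0bc007c8ec08ed8be007cbf0006b90002fcf3a450681c06cbfb")
TAMPERED_BOOT_CODE = bytes.fromhex("eb1c90") + b"BOOTKIT-LOADER-STUB".ljust(40, b"\x90")

CLEAN_MBR = build_sample_mbr(CLEAN_BOOT_CODE)
BASELINE = boot_code_hash(CLEAN_MBR)            # assumed recorded on a known-clean machine
TAMPERED_MBR = build_sample_mbr(TAMPERED_BOOT_CODE)

if __name__ == "__main__":
    for name, image in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(name, "partitions:", parse_partitions(image))
        print(name, "findings:", check_mbr(image, BASELINE) or "none")
```

On a live Windows system the first sector can be read from \\.\PhysicalDrive0 with administrator rights, and on Linux from the raw disk device. Read it from a clean boot disk rather than from the running, possibly infected operating system: a kernel-level rootkit can hide the modified sector from tools running on top of it, which is exactly why a boot-sector implant is so hard to eradicate.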

Linda Musthaler is a principal analyst with Essential Solutions Corporation.
