Network World recently published a couple of articles about botnets that raised my interest in the subject. First there was Ellen Messmer's article, "The botnet world is booming." It was followed by her next article, "America's 10 most wanted botnets." Together these articles paint a dire picture of botnets taking over PCs -- the ones on corporate networks as well as the ones we use at home.
I wondered just how deep and wide the botnet problem goes. What I learned with just a little bit of research is enough to make you want to return to the days of stand-alone computing. The reality is worse than most people suspect. Let me share nine known things about botnets that will scare your pants off. At the very least, perhaps this article will prompt you to step up your effort to keep your corporate PCs off the illicit botnets.
1. The process of developing software that creates and controls botnets has reached a professional level. Forget script kiddies who are out for kicks; developers are in it to make a lot of money. The techniques they use to create malware or command and control software are as sophisticated as those used by any commercial software company. What's more, this underground development community is very cooperative -- almost like a legitimate open source community. Software is packaged and sold or passed around, and developers add their "personal touches" to create many variants of the malware. Finjan reports that the Golden Cash network operated by cybercriminals provides an exploit toolkit as well as an attack toolkit to distribute malware.
2. Once a PC is on a botnet, the use of that PC can be bought and sold many times. For example, the Golden Cash network is a vast botnet exchange. Cyberthieves purchase malware-infected PCs from anyone in the underground market, and then bundle them and resell them to criminals who want to rent the use of a botnet. This provides a great incentive for criminals to create even larger botnets.
4. The malware that turns the PC into a bot can hide as a rootkit, which makes it exceptionally hard to detect and eradicate. The Torpig botnet, as an example, implants Mebroot on the victim PC. Mebroot is a rootkit that replaces the system's Master Boot Record. Therefore, the PC is under the attacker's control even before the operating system loads.