Attack of the killer bots
By
Julie Bort
,
Network World
, 07/06/2007
- Share/Email
- Tweet This
- Print
If malware were insects, botnets would be termites -- they burrow in behind the walls of your security perimeter, lie dormant
for a period of time, then attack.
Once a computer has been infested, it waits for orders from criminal bot herders, who turn these zombie computers into massive
bot networks that spew spam and other malware across the Internet.
You may not be able to block the botnet invasion completely, but with layers of bot-hunting technologies and common sense,
you can minimize the effect on your network.
'Everybody gets bots'
Before you can battle the bots, you've got to understand the scope of the problem. "We've been in denial about the scale of
the problem,'' says Michael Barrett, CISO of PayPal in San Jose, Calif.
In fact, in a recent survey of 394 Network World readers responsible for network security, a surprising 43.7% said that compromised clients were not a significant problem. Another 30.2% said that they have not seen
evidence that any computer on the network has ever been infected.
Just because nearly three-quarters of respondents aren't on high alert, it doesn't mean the threat isn't there, says Rick
Wesson, CEO of Support Intelligence, a San Francisco firm that tracks bot outbreaks. On any given day, his company's honeypot
will trap all kinds of insidious and fraudulent spam coming from zombie clients.
"The deal is that these bot herders are pretty smart, operating systems are very vulnerable, and everybody gets bots. Most companies run pretty tight networks, but the idea that you are not going
to have bot networks running on your systems is naive. We have a lot of data that says a sizable portion of the Fortune 1000
has bots," he says.
If the Fortune 1000 can't stop bots, smaller organizations and consumers don't have a prayer. The little guys have fewer resources
to perform security updates or to monitor their networks and machines for strange traffic patterns, says Ken Lloyd, director
of security for security service provider Cyveillance in Arlington, Va. Consumers are at the highest risk because they tend
to have the least security, Lloyd says.
"Enterprises have the problem, too, no doubt about it," says Martin Roesch, CTO of intrusion-detection software-maker Sourcefire. Enterprises are most vulnerable to roving machines that aren't properly set up to fight off malware
attacks. "That's when there's trouble -- it's people getting spammed over [instant messaging], or Trojans and viruses over IM, or getting these things in their in-box, or surfing where they shouldn't be with vulnerable versions of [Internet
Explorer] and Firefox," he says.
In fact, Gartner predicts that 75% of enterprises will be infected by bots by year-end.
Comments (7)
RE: Attack of the killer botsBy indy on July 6, 2007, 11:55 amI disagree with many tenets of this article. "If the Fortune 1000 can't stop bots, smaller organizations and consumers don't have a prayer." Re: Attack of...
Reply | Read entire comment
Hokus pokusBy Anonymous on July 9, 2007, 9:13 amSound management can address 99% of the network security issues without having to spend boat loads of money. Incidentally, bots are not the only problem managers...
Reply | Read entire comment
attack of the killer botsBy Anonymous on July 10, 2007, 11:46 amI assume that the attacks are primarily on windows users. I wish there might have been information for firefox Linux users also.
Reply | Read entire comment
What happens when employees take a laptop home?By Julie Bort on July 11, 2007, 1:02 pmSounds as if you have great security in place. But let me give you just one scenario of what happens with many companies. An employee takes a laptop home, surfs...
Reply | Read entire comment
operating systems are very vulnerable??By Brew1Brew on July 14, 2007, 12:26 amYeah, this article seems to indicate that ALL Operation systems are vulnerable, but Windows is not all operating systems and the world is not flat! Corporate...
Reply | Read entire comment
Defense in depthBy Herb Oxley on August 21, 2007, 5:40 pmIn the case of people taking laptops out into the "wild" there are things which can be done to minimize risk which are within a small company or non-profit's budget...
Reply | Read entire comment
View all comments