
Friday, February 11, 2011

The PC, Hijacked - Why You Should Beware Botnets

articles, botnets, malware
Once upon a time, viruses could only spread between computers with human help. An infected PC tended to spread the infection via floppy disks or other removable media, but that was about it. Network connections were a luxury, and typically existed in the form of a dial-up link, so viruses that spread by networks were rare.

Now we live in an age of broadband, wireless, and always-on network connections, where virus infections can spread like their real-life disease counterparts. Worse, many virus infections aren’t just about one PC; they’re about how many PCs can be infected with the same virus. In some cases, a single malicious program can infect many computers, gang up via their host computers across the network, and form a giant stealth web of computers, all dedicated to cybercrime.

The term botnet has been coined to describe these networks. They’re one of the biggest PC security problems of the age—easy to spread, hard to stop, and a major nexus for everything from network-based attacks on Web sites to financial fraud. Worst of all, if your computers get recruited into a botnet, it means your resources—the bandwidth you pay for, the computing power you’ve invested in—are now being exploited by someone else.


Basics Of Botnets

Botnet software spreads like any other virus, typically through whatever security holes are most available at any given time. For most of the last couple of years, many computer infections were delivered through Flash banner ads, as Adobe’s Flash software contained critical vulnerabilities. Web sites can also be hijacked and used to surreptitiously spread botnet software directly through the site.

A botnet-infected computer—referred to as a “zombie”—might not show any outward signs of a problem. In the background, though, it might be doing anything: sending out thousands of spam emails, harvesting financial information from the machine it’s running on, or bombarding other computers in an attempt to infect them as well. Ram Mohan, executive VP and chief technology officer at Afilias, has aptly described botnets as “the Swiss Army knife of [Internet] attack tools.” Because botnets can operate on a PC without any obvious symptoms, it’s not uncommon for a machine to be infected for months at a time without the user knowing.

Once a botnet has grown to a decent size, it can be rented out by its controllers, in whole or in part, for the purpose of committing crimes. There’s no one kind of activity that botnets limit themselves to, but they all have the common denominators of being profitable, illegal, and dangerous to the people whose computers have been infected. A criminal group, for instance, might pay the controllers for a certain amount of access to a botnet in order to distribute spam. A recent FBI operation uncovered a cyber-theft ring that used botnets to steal banking credentials and then siphon money out of the victims’ bank accounts through “money mules” who were paid a percentage for acting as intermediaries.

Botnets can become enormous. One of the largest, the Mariposa botnet, was tens of millions of computers strong when the FBI busted its ringleaders. Another, Conficker, which has been used both to send spam and to install fake security software (in order to scam the unwary, another common botnet use), has also infected more than 10 million machines. But a botnet doesn’t have to be large to be problematic. In fact, the trend among botnet creators seems to be shifting toward the creation of many smaller, separately controlled botnets because they are more difficult to stamp out than a few big ones.

The most frustrating thing about botnets is their resiliency. If one command-and-control center for a botnet is shut down—or if an entire botnet is taken offline—another one typically springs up in its wake. A $250,000 bounty offered by Microsoft for the creators of Conficker has thus far turned up nothing—perhaps because those who pay for the privilege of using botnets can rake in far more money than that illegally.

Don’t Let Your Systems Become Targets
Because botnets are malware, any computers that are already vulnerable to malware are potential botnet targets. For volume 9 (Jan. 1 through June 20, 2010) of Microsoft’s “Security Intelligence Report,” Microsoft based its findings on Malicious Software Removal Tool reports. (MSRT is the company’s free software for ridding computers of common botnet infections.) Microsoft found the most heavily infected version of Windows was Windows XP; specifically, WinXP Service Pack 2, which had an infection rate almost six times higher than Windows 7 and roughly twice that of Windows Vista (all editions). The least-infected version was Windows Server (all editions), mostly because it tends to ship in a more locked-down state than desktop Windows versions.

To that end, many of the best ways to protect against botnets also involve protecting against malware generally. If you have an existing system-protection program (that is, an antivirus-and-firewall application), that’s a start. Beyond that, don’t run any software that hasn’t been thoroughly vetted for safety, keep all existing software up to date (that includes add-ons or plug-ins, such as Adobe Flash or Apple QuickTime), and be mindful of suspicious behavior such as excessive network slowness. You can use Microsoft’s MSRT utility (www.microsoft.com/security/malwareremove) along with free tools such as Trend Micro’s Housecall (housecall.trendmicro.com) to help clean infected Windows systems individually.
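The article says to watch for the behaviour of a zombie rather than for the malware itself: a workstation that suddenly sends mail directly to many outside servers, or that probes many neighbouring machines on one port. The following is an added example, not code from the article or from any of the tools it names, of how an administrator might express those two symptoms as simple rules over an exported outbound flow log. The flow records, host addresses, relay names and thresholds are all constructed for the illustration and would need tuning to a real network.

```python
"""Heuristic zombie-behaviour detector over constructed outbound flow records.

Added example (not part of the original article). Two symptoms the article
attributes to botnet-infected PCs are checked per source host and per
one-minute window:
  * smtp_burst  - many direct outbound SMTP flows (a spam-sending zombie);
  * probe_port  - one flow to each of many distinct hosts on the same port
                  (a zombie trying to infect its neighbours).
All thresholds and sample data below are constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: int       # seconds since start of capture (constructed)
    src: str      # internal source host
    dst: str      # destination host
    dport: int    # destination port


SMTP_PORT = 25
SMTP_BURST_THRESHOLD = 20       # outbound SMTP flows per host per window
PROBE_DISTINCT_THRESHOLD = 15   # distinct destinations per (host, port) per window
WINDOW_SECONDS = 60


def build_sample_flows():
    """Constructed flows standing in for one minute of an exported flow log."""
    flows = []
    # 10.0.0.5: 30 direct SMTP connections in one minute, cycling through ten
    # external relays (constructed names) -- spam-bot behaviour.
    for i in range(30):
        flows.append(Flow(ts=i, src="10.0.0.5", dst=f"mx{i % 10}.example.net", dport=25))
    # 10.0.0.7: one SMB connection attempt to each of 40 neighbouring
    # addresses -- a machine trying to spread to the rest of the LAN.
    for i in range(40):
        flows.append(Flow(ts=i, src="10.0.0.7", dst=f"10.0.1.{i + 1}", dport=445))
    # 10.0.0.9: ordinary browsing plus two mails through the local mail server.
    for i in range(5):
        flows.append(Flow(ts=10 * i, src="10.0.0.9", dst=f"web{i % 3}.example.com", dport=443))
    flows.append(Flow(ts=5, src="10.0.0.9", dst="mail.corp.example", dport=25))
    flows.append(Flow(ts=45, src="10.0.0.9", dst="mail.corp.example", dport=25))
    return flows


SAMPLE_FLOWS = build_sample_flows()


def detect(flows, window=WINDOW_SECONDS):
    """Return a sorted list of (src, rule, count) alerts for the given flows."""
    smtp_counts = defaultdict(int)        # (src, window) -> SMTP flow count
    probe_targets = defaultdict(set)      # (src, dport, window) -> distinct dsts
    for f in flows:
        bucket = f.ts // window
        if f.dport == SMTP_PORT:
            smtp_counts[(f.src, bucket)] += 1
        probe_targets[(f.src, f.dport, bucket)].add(f.dst)

    alerts = []
    for (src, _bucket), n in sorted(smtp_counts.items()):
        if n >= SMTP_BURST_THRESHOLD:
            alerts.append((src, "smtp_burst", n))
    for (src, dport, _bucket), dsts in sorted(probe_targets.items()):
        if len(dsts) >= PROBE_DISTINCT_THRESHOLD:
            alerts.append((src, f"probe_port_{dport}", len(dsts)))
    return alerts


if __name__ == "__main__":
    for src, rule, count in detect(SAMPLE_FLOWS):
        print(f"{src}: {rule} (count={count})")
```

On the constructed sample the spam-like host and the probing host each raise one alert, while the ordinary user, whose two mails go to the organisation's own mail server, raises none. The point of keying on the source host rather than on a signature is the one the article makes: the zombie may show no symptoms on its own screen, but its traffic pattern is visible from the network.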

Additional Pre-emptive Tools & Tactics
Because infected Web sites are a common source of botnet infections, tools have emerged to preemptively check sites you haven’t previously visited for possible malicious behavior. The URLVoid.com site, for example, lets you do that without ever having to visit the site in question. Go to www.urlvoid.com, enter a Web address in the search box, and click the Scan Now button; URLVoid.com will attempt to detect whether or not a botnet or other malware has taken control of the site.

Finally, migrating away from older, more vulnerable versions of Windows in the long run is also a good idea. If you’re still using WinXP, the fact that Win7 is markedly more secure is a good reason all by itself.
