Microsoft sees botnets as top '07 Net threat
Undead PC armies 'where it's at for serious cybercriminals'
IDG News Service - If there's one thing that Aaron Kornblum would like to quash, it's the botnet armies.
These are the remote-controlled PCs that have been taken over without their users' knowledge. Symantec Corp. counted more than 4.5 million of them during the first six months of the year, and according to Kornblum, they are the backbone of today's cybercrime.
"Botnets are really where it's at for serious cybercriminals, because of their concentrated power," said Kornblum, a senior attorney with Microsoft Corp.'s Internet Safety Enforcement team. "That power can be used for all sorts of malicious conduct on the Internet."
These armies of compromised computers are behind such scourges as spam, phishing and denial-of-service attacks. More recently, the bad guys have been using botnets to boost Web advertising billings by automatically clicking on Internet ads, a practice known as clickfraud.
Kornblum is on a team that was created in 2002 to help crack down on cybercrime. A splinter group of three Microsoft employees who had been working on software piracy and counterfeiting, the team initially focused on computer viruses and spam. But it has since grown into a 65-person operation that has tackled child pornography, typo-squatting and, of course, the botnet threat.
Over the past year, Kornblum's group has helped law enforcement crack down on worldwide phishing scams, helping, for example, to take down a Bulgarian gang that had been spoofing Microsoft's own customer service team.
"Unfortunately, we continue to see phishing as a serious threat," Kornblum said.
Phishers have been getting more sophisticated and better at reproducing trusted Web sites. And lately they've also been taking on new targets that may not have the resources of major e-commerce or financial players.
"They're moving away from the top banking brands like Citibank ... and they're moving down to mid-level and smaller-market financial institutions like credit unions and community banks, which may not have done as much consumer education," Kornblum said.
Botnets are changing the economics of cybercrime, according to Daniel Druker, executive vice president of marketing with Postini Inc. "I call it grid computing gone bad," he said.
The botnet networks have emerged as the number one source of spam over the past year, giving spammers access to virtually unlimited bandwidth, he said.
Because spammers no longer have to pay for the messages they send, they can e-mail larger documents, such as image files, he said. And the bad guys have been able to use these distributed networks to make it harder for vendors such as Postini to identify and block spamming computers.
There typically are about 50,000 computers sending spam and malicious content at any given moment, Druker said. Usually, these computers will pop up and operate for about 45 minutes, and then go silent, making it hard for them to be identified.
A few years ago, Bill Gates predicted that the spam problem would be solved by the end of 2006, a prediction that proved to be seriously off the mark.
Kornblum, for his part, declined to guess when the botnet problem will be solved.
"The only certainty is that the problems and challenges will continue to evolve," he said. "They're all unique, though they're interrelated, certainly ... but botnets are the most dangerous at present, because of their power."
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts