Basic facts about the zombie menace
Computerworld - Botnets are networks of computers taken hostage by malware that controls them and makes them send spam and act in other nefarious ways. They're growing in size, number and impact. A botnet may be remotely controlled by the creators of the malware that drives it (hence the "zombie" appellation) or it may be rented out by spammers or other persons of ill will. There is no known beneficial use for botnets.
Botnets were originally created to send spam. They were useful for that purpose because they masked the location and identity of the spammer, making it difficult for early spam-blockers to stop their flood of Viagra-selling and stock-swindling e-mail messages. Currently, they're also used to launch denial of service attacks, manage adware campaigns, monitor user activity by logging keystrokes, or steal anything or any behavior from a computer that looks as if it might have value.
Botnets are created by a worm program that's usually transmitted through a spam campaign, a spyware program or an adware campaign that leaves a program or other file behind. When a user clicks on a link that downloads a file of some type (which doesn’t even have to appear to be an executable file), it installs a botnet client, also known as a zombie, that can be controlled from afar.
All this mayhem is remarkably invisible to the user sitting in front of the infected machine. It's uncommon for a machine inducted into a botnet to display any obvious sign of trouble, though users may notice periodic sluggishness with their net connections. (It's not common for a botnet to deploy any single zombified computer constantly, making it even harder for spam-blockers or other monitors to pinpoint a troubled machine.)
The botnet client program and the method for transmitting it or its progenitor may appear to be completely legitimate. "The bad guys have gotten very good at this," says Ironport Vice President of Technology Patrick Patterson, "and so, for example, they use a legitimate-looking notification of a software update to sneak their bot client onto a machine." Symantec’s senior manager of security response, Dean Turner, adds, "Of course, no legitimate software company is going to notify you that way, but that doesn’t stop people from clicking through anyway." It’s sort of like phishing, only in this case it’s for access to a user’s computer rather than for a user’s money.
Once the botnet client is loaded, things happen quickly. The first thing a botnet client does when it is activated is to "call home," usually using the IRC channel. That contact establishes a communications link between the client and its manager and sets things up for future instructions, which may come right away or may be delayed.
Ferris Research lead analyst for e-mail security Richi Jennings notes that virus writing today has become a real business. "Today the virus writers are focused more on execution than on spreading," he says, "and their programs spread very quickly and do damage almost immediately. Remember, this is for cash, not for notoriety."
Want to learn more? See Four steps to battling botnets.
See additional Computerworld QuickStudies
Read more about Security in Computerworld's Security Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts