PC World - As fireworks boomed on the Fourth of July, thousands of compromised computers attacked U.S. government Web sites. A botnet of more than 200,000 computers, infected with a strain of 2004's MyDoom virus, attempted to deny legitimate access to sites such as those of the Federal Trade Commission and the White House. The assault was a bold reminder that botnets continue to be a massive problem.
Botnets are rogue networks of compromised "zombie" PCs. Your machine can become infected if you visit a site and download tainted code disguised as a video, if you visit a site that itself has been compromised, or if a traditional virus or other piece of malware enters your system. Once a bot infects your PC, it calls out to its command-and-control (CnC) server for instructions. A bot is similar to a traditional Trojan horse; but rather than merely installing a keylogger or a password stealer (which it might still do anyway), a bot works with other infected PCs, compelling them all to act together, in some ways like a very large computer.
Spammers pay big money to have a bot blast their message to thousands of machines; in particular, Canadian pharmaceutical spam is big right now. Other uses for bots include attacks that shut down commercial Web sites, often paired with a ransom demand. Brisk business also exists in what's called fast flux: To keep phishing Web sites active, operators change domains frequently. Botnets provide a quick and easy means to do so, and, according to security firm Kaspersky, botnet owners charge big money for that service.
In July, the ShadowServer Foundation, a group specializing in sharing information about botnets, reported that the number of identified botnets grew from 1500 to 3500 in the last two years. Each of those 3500 networks could contain several thousands of compromised PCs--and any given PC could be infected by multiple bots.
In raw numbers, the United States and China are the homes of most of the bot-infected machines, says Jose Nazario, manager of security research at Arbor Networks. "I think it's very safe for most PC users to assume they are part of a botnet," he says. "It's a very dangerous Internet for most folks."
Botnets live or die depending on communications with their CnC servers. Those communications can tell researchers how large a botnet is. Similarly, the flood of communications in and out of your PC helps antimalware apps detect a known bot. "Sadly, the lack of antivirus alerts isn't an indicator of a clean PC," says Nazario. "Antivirus software simply can't keep up with the number of threats. It's frustrating [that] we don't have significantly better solutions for the average home user, more widely deployed."
- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- 2013 Cyber Risk Report The "Cyber risk report 2013 Executive summary" presents the major findings of HP Security Research's comprehensive dive into today's cyber vulnerability and threat...
- Binary Option: Neustar SiteProtect Case Study Learn how Neustar helped Top10optionbinaire.com protect against DDoS attacks with SiteProtect DDoS mitigation technology.
- Four Ways DNS Can Accelerate Business Growth This DNS eBook describes how DNS has developed over the years to support business growth as new needs have emerged, for example, advanced...
- Architecting the Network of the Future Networks need to change, as does the way IT thinks about and manages them. In addition to reliability, IT must now add higher...
- Ecommerce Site Needs Protection Against Cyber 'Pirate' Learn how a Neustar customer thwarted 'Blackbeard,' a self-styled DDoS Pirate. Using Neustar SiteProtect, a cloud-based DDoS mitigation service, this everyday IT hero...
- Tales from the Trenches - Industry Risks and Examples of DDoS Watch Neustar experts as they discuss how DDoS impacts technology companies including online gaming, e-commerce and more. All Network Security White Papers | Webcasts