In Depth
Technology
Online crime
Taking on the zombie botnets
March 19, 2007
By Patrick Metzger, CBC News
On February 5, 2007, a massive attack flooded web infrastructure company UltraDNS with huge amounts of data, almost bringing down several of the servers that run the entire internet. Who was responsible?
Well, if you're one of millions of people who've unknowingly had your computer hijacked and made part of a malicious botnet, it could have been you.
A botnet, or robot network, is a group of web-linked computers — sometimes called zombies — that have been commandeered, in some instances by criminals, to perpetrate all kinds of online nastiness.
Typically a 'bot' is installed on a machine through a trojan, an insidious program that can find its way into an insufficiently protected computer in a variety of ways, such as when a user clicks on a link to an infected web page or e-mail message, views an infected document, or runs an infected program.Once the bot has made itself at home, it "opens the doors" of its new host computer to its master, who can instruct the machine to engage in various nefarious activities such as sending out spam and phishing e-mails, or launching the distributed denial of service or DDOS attacks like the kind that almost brought down the internet.
In some cases, these nasty little robots can steal personal data and return it to a central site to be used for identity theft purposes.
Good bots gone bad
Originally, bots were benign tools used primarily by programmers to perform repetitive functions on the web. However, in the past few years bots and botnets have been turned into mechanisms that have made web criminals much more efficient — and dangerous.
Joe Stewart, senior researcher at security firm SecureWorks in Atlanta, says that, "Bots began to get more sophisticated towards the end of the nineties.
Quick facts
MALWARE is a catch-all term for malicious software such as computer viruses, spyware and so on that compromise the security or function of people's computers.
PHISHING is a technique in which criminals try to trick people into disclosing sensitive information such as online banking names and passwords and is often conducted through e-mails.
PHARMING is an attack in which malicious individuals try to redirect traffic from one website to a false one.
"People started creating special purpose bots, and selling them to spammers and others. One crime led to another, and people started using them to extort money out of websites by launching attacks, for example, against online gambling sites. In the days before the Super Bowl, they'd say 'Hey, we're going to take your site down unless you pay us thousands of dollars.'"
One group that is trying to fight back is headed by Thorsten Holz is a PhD student at the University of Mannheim. He is founder of the German Honeynet Project, a group that deliberately sets up unprotected computers with the goal of attracting bots, in order to entrap their owners.
Holz notes that back in 2001 and 2002, computer 'worms' were spreading and compromising hundreds of thousands of machines. But back then, the attacker had no control over how the worm behaved once it was released.
"The main difference between worms and bots," says Holz, "is that bots offer a communication channel, and the attacker can send commands, which are then obeyed by all the bots."
Vincent Weafer, senior director of development at security firm Symantec, agrees and says further that botnets have facilitated a whole new era of cybercrime.
"We've seen a very dramatic shift in the cyberthreat landscape, moving away from the teenagers and the attacks motivated by publicity," he said. "Those have really died away, and we've entered a new area of cybercrime, where stealth, identity theft, fraud, have really become the mantra."
A global problem
No one knows exactly how many personal and business computers have been compromised in this fashion, but some estimates range as high as 150 million around the world — which would be about a quarter of all the machines attached to the internet.
The statistics around the growth of botnet-associated crime are shocking. For example, the Anti-Phishing Working Group, in its December 2006 report, indicated that they were aware of 28, 531 websites in Dec. 2006, up from 7,197 in Dec 2005 that were involved with phishing, or pretending to be a legitimate concern in order to con personal data from an internet user. That's a 250 per cent increase in a single year.
SecureWorks' Stewart is unequivocal about the impact of botnets. "You can't really run any type of online crime — phishing or spam or DDOS extortion — without some sort of botnet."
What's more, as Symantec's' Weafer observes, "botnets are used and rented almost like a service."
As a result, even the technically illiterate criminal can now engage relatively easily in online larceny.
Impact on the public
Jose Nazario, security engineer with Arbor Networks, notes that for the unsuspecting users of infected machines, one other issue to be concerned with is the theft of computing resources or bandwidth. "It's not uncommon to see people have their broadband lines shut off because their machines are spewing all this filth onto the internet," he said.
The far bigger problem, however, is theft of information and identities.
Arbor and other security firms have tools allowing them to intercept communications between bots and their home servers, and Nazario said that, "Watching our botnet tracking logs, we're able to constantly see all this credit card, bank account and other information going by that's been picked up off of these infected machines."
'Watching our botnet tracking logs, we're able to constantly see all this credit card, bank account and other information going by that's been picked up off of these infected machines.'
— Jose Nazario, Arbor Networks
Programs like this are becoming increasingly common, because they're extremely lucrative for criminals. Symantec reports that in 2006, 30 of the 50 top malicious code samples, software with an ulterior purpose, were designed to expose a user's confidential information in some way.
The bottom line, according to the experts, is that the botnet problem has become so pervasive that anyone with a computer and an internet connection is at risk. As Symantec's Weafer says "People believe it will happen to somebody else. They say 'I'll never become a victim, because who cares about me?'
"But attackers do, because if they add you to everybody else, that's a lot of money for them."
Menu
Technology
- Green machines
- Disk drive: Companies struggle with surge in demand for storage
- Open season: Will court decision spur Linux adoption?
- Analogue TV
- Video games: Holiday season
- Video games: Going pro
- Guitar Hero
- Parents' guide to cheap software
- Working online
- Laptop computers for students
- Technology offers charities new ways to attract donations
- The invisible middleman of the game industry
- Data mining
- Two against one
- The days of the single-core desktop chip are numbered
- Home offices
- Cyber crime: Identity crisis in cyberspace
- Yellow Pages - paper or web?
- Robotics features
- iPhone FAQ
- Business follows youth to new online world
- A question of authority
- Our increasing reliance on Wikipedia changes the pursuit of knowledge
- Photo printers
- Rare earths
- Widgets and gadgets
- Surround Sound
- Microsoft's Shadowrun game
- Dell's move to embrace retail
- The Facebook generation: Changing the meaning of privacy
- Digital cameras
- Are cellphones and the internet rewiring our brains?
- Intel's new chips
- Apple faces security threat with iPhone
- Industrial revolution
- Web developers set to stake claim on computer desktop with new tools
- Digital photography
- Traditional film is still in the picture
- HD Video
- Affordable new cameras take high-definition mainstream
- GPS: Where are we?
- Quantum computing
- What it is, how it works and the promise it holds
- Playing the digital-video game
- Microsoft's forthcoming Xbox 360 Elite console points to entertainment push
- Online crime
- Botnets: The end of the web as we know it?
- Is Canada losing fight against online thieves?
- Malware evolution
- Money now the driving force behind internet threats: experts
- Adopting Ubuntu
- Linux switch can be painless, free
- Sci-fi projections
- Systems create images on glass, in thin air
- Power play
- Young people shaping cellphone landscape
- Digital cameras
- Cellphone number portability
- Barriers to change
- Desktop to internet
- Future of online software unclear: experts
- Complaining about complaints systems
- Canadian schools
- Multimedia meets multi-literacy age
- Console showdown
- Comparing Wii, PS3 and Xbox 360 networks
- Social connections
- Online networking: What's your niche?
- Virtual family dinners
- Crackdown
- Xbox 360 console game
- Vista and digital rights
- Child safety
- Perils and progress in fight against online child abuse
- Biometric ID
- Moving to a Mac
- Supply & demand
- Why Canada misses out on big gadget launches
- Windows Vista
- Computers designed for digital lifestyle
- Windows Vista
- What's in the new consumer versions
- Cutting the cord
- Powering up without wires
- GPS and privacy
- Digital deluge
- RFID
- Consumer Electronics Show
- Working online
- Web Boom 2.0 (Part II)
- GPS surveillance
- Hits and misses: Best and worst consumer technologies of 2006
- Mars Rovers
- Voice over IP
- Web Boom 2.0
- Technology gift pitfalls to avoid
- Classroom Ethics
- Rise of the cybercheat
- Private Eyes
- Are videophones turning us into Big Brother?
- Windows Vista
- Cyber Security
- Video games: Canadian connections to the console war
- Satellite radio
- Portable media
- Video games
- Plasma and LCD
- Video screens get bigger, better, cheaper
- Video games:
- New hardware heats up console battle
- High-tech kitchens
- Microsoft-Novell deal
- Lumalive textiles
- Music to go
- Alternate reality
- Women and gadgets
- High-tech realtors
- The itv promise
- Student laptops
- Family ties
- End of Windows 98
- Bumptop
- Browser wars
- Exploding laptop
- The pirate bay
- Stupid mac tricks
- Keeping the net neutral
- PS3 and WII at E3
- Sex on the net
- Calendars, online and on paper
- Google, ipod and more
- Viral video
- Unlocking the USB key
- Free your ipod
- In search of
- Xbox
- Sony and the rootkit
- Internet summit
- Electronic surveillance
RELATED
- RFID and privacy: Tracking your patterns?
- Nike+iPod could be used to track user: study
- Canadian coins bugged, U.S. security agency says
- CBC science section
- Online I.D. theft
- Internet
- Computer security
- VoIP
- Spam