Taking on the zombie botnets

March 19, 2007

On February 5, 2007, a massive attack flooded web infrastructure company UltraDNS with huge amounts of data, almost bringing down several of the servers that run the entire internet. Who was responsible?

Well, if you're one of millions of people who've unknowingly had your computer hijacked and made part of a malicious botnet, it could have been you.

A botnet, or robot network, is a group of web-linked computers — sometimes called zombies — that have been commandeered, in some instances by criminals, to perpetrate all kinds of online nastiness.

Typically a 'bot' is installed on a machine through a trojan, an insidious program that can find its way into an insufficiently protected computer in a variety of ways, such as when a user clicks on a link to an infected web page or e-mail message, views an infected document, or runs an infected program.

Once the bot has made itself at home, it "opens the doors" of its new host computer to its master, who can instruct the machine to engage in various nefarious activities such as sending out spam and phishing e-mails, or launching distributed denial of service (DDOS) attacks like the kind that almost brought down the internet.

In some cases, these nasty little robots can steal personal data and return it to a central site to be used for identity theft purposes.

Good bots gone bad

Originally, bots were benign tools used primarily by programmers to perform repetitive functions on the web. However, in the past few years bots and botnets have been turned into mechanisms that have made web criminals much more efficient — and dangerous.

Joe Stewart, senior researcher at security firm SecureWorks in Atlanta, says that, "Bots began to get more sophisticated towards the end of the nineties.

"People started creating special purpose bots, and selling them to spammers and others. One crime led to another, and people started using them to extort money out of websites by launching attacks, for example, against online gambling sites. In the days before the Super Bowl, they'd say 'Hey, we're going to take your site down unless you pay us thousands of dollars.'"

Quick facts

MALWARE is a catch-all term for malicious software such as computer viruses, spyware and so on that compromise the security or function of people's computers.

PHISHING is a technique in which criminals try to trick people into disclosing sensitive information such as online banking names and passwords and is often conducted through e-mails.

PHARMING is an attack in which malicious individuals try to redirect traffic from one website to a false one.

One group that is trying to fight back is headed by Thorsten Holz, a PhD student at the University of Mannheim. He is founder of the German Honeynet Project, a group that deliberately sets up unprotected computers with the goal of attracting bots, in order to entrap their owners.

Holz notes that back in 2001 and 2002, computer 'worms' were spreading and compromising hundreds of thousands of machines. But back then, the attacker had no control over how the worm behaved once it was released.

"The main difference between worms and bots," says Holz, "is that bots offer a communication channel, and the attacker can send commands, which are then obeyed by all the bots."

Vincent Weafer, senior director of development at security firm Symantec, agrees and says further that botnets have facilitated a whole new era of cybercrime.

"We've seen a very dramatic shift in the cyberthreat landscape, moving away from the teenagers and the attacks motivated by publicity," he said. "Those have really died away, and we've entered a new area of cybercrime, where stealth, identity theft, fraud, have really become the mantra."

A global problem

No one knows exactly how many personal and business computers have been compromised in this fashion, but some estimates range as high as 150 million around the world — which would be about a quarter of all the machines attached to the internet.

The statistics around the growth of botnet-associated crime are shocking. For example, the Anti-Phishing Working Group, in its December 2006 report, indicated that it was aware of 28,531 websites in Dec. 2006, up from 7,197 in Dec. 2005, that were involved with phishing, or pretending to be a legitimate concern in order to con personal data from an internet user. That's a 250 per cent increase in a single year.

SecureWorks' Stewart is unequivocal about the impact of botnets. "You can't really run any type of online crime — phishing or spam or DDOS extortion — without some sort of botnet."

What's more, as Symantec's Weafer observes, "botnets are used and rented almost like a service."

As a result, even the technically illiterate criminal can now engage relatively easily in online larceny.

Impact on the public

Jose Nazario, security engineer with Arbor Networks, notes that for the unsuspecting users of infected machines, one other issue to be concerned with is the theft of computing resources or bandwidth. "It's not uncommon to see people have their broadband lines shut off because their machines are spewing all this filth onto the internet," he said.

The far bigger problem, however, is theft of information and identities.

Arbor and other security firms have tools allowing them to intercept communications between bots and their home servers, and Nazario said that, "Watching our botnet tracking logs, we're able to constantly see all this credit card, bank account and other information going by that's been picked up off of these infected machines."

Programs like this are becoming increasingly common, because they're extremely lucrative for criminals. Symantec reports that in 2006, 30 of the 50 top malicious code samples, software with an ulterior purpose, were designed to expose a user's confidential information in some way.

The bottom line, according to the experts, is that the botnet problem has become so pervasive that anyone with a computer and an internet connection is at risk. As Symantec's Weafer says, "People believe it will happen to somebody else. They say 'I'll never become a victim, because who cares about me?'

"But attackers do, because if they add you to everybody else, that's a lot of money for them."
