Botnets: The Threat Of Now And Tomorrow

The Internet reflects all the events of the 'real', physical world; it mirrors all the trends and implements them in fascinating ways. It has its crime, as well. The major threat is and will be the so-called botnets - systems infected by malicious software, capable of acting simultaneously and destructively, all at once. DoD Buzz elaborates on this in BotNets Biggest Cyber Threat.

This is what it says: the US has long pondered how best to use its offensive cyber capabilities and has long shied away from using them, fearful that we might pull down the Internet curtain on ourselves if we tried to wipe out an enemy’s networks. The New York Times ran a piece this weekend about just how daunting is this balancing act.

The central point of the Times’ piece: “We knew we could pull it off — we had the tools,” said one senior official who worked at the Pentagon when the highly classified plan was developed.

But the attack never got the green light. Bush administration officials worried that the effects would not be limited to Iraq but would instead create worldwide financial havoc, spreading across the Middle East to Europe and perhaps to the United States.

One of the reasons for that concern is that BotNets — networks of infected computers that can be controlled without the owner knowing it — have become what Kevin Coleman says is “a critical problem that must be addressed.” BotNets cross borders with impunity, just as a US cyber attack might. So attacking computers in one country could end up with an ally of an enemy attacking us or we could end up seriously degrading the capabilities of neutral or friendly countries that share borders and Internet infrastructure with an enemy.

Kevin’s piece on Defense Tech goes into detail about the scope of the BotNet threat and asks the question: Should governments pass laws requiring software that would make it difficult to create BotNets?

His story follows:

BotNets have become a critical problem that must be addressed. They have evolved to the point where evidence suggests they are now targeting and affecting cell phones. A BotNet is a collection of compromised computers that have been infected with software that allows the computer to be controlled remotely by the BotMaster. Each computer represents a node on the BotNet that is often referred to as a zombie.

Last year the Georgia Tech Information Security Center (GTISC) reported that 10 percent of online computers were part of BotNets. This year GTISC researchers estimate that BotNet affected machines may comprise 15 percent of online computers - a fifty percent growth in one year. Based on that number, there are 34 million computers in the United States that have been compromised and are now part of a BotNet. According to the CIA World Fact Book, there are about 1.5 billion internet users. When you factor in multiple devices per user and shared computers we estimate there are about 1.3 billion user devices connected to the Internet currently. Using the GTISC 15 percent compromise factor that translates to an estimated 195 million bots. According to one report some 150,000 computers become infected every day and join the millions of zombies that make up the BotNets.

This is not just thrown together software. The software used to establish Bots and control BotNets has now risen to professional status. Multiple automated propagation vectors are used to spread various payloads that include worms, viruses and Trojans that allow remote control of the infected computer. Another alarming trend is the use of rootkits. The malicious code that turns the PC into a Bot is being hidden in a rootkit and this is making it exceptionally difficult to defend against, detect and eradicate the Botware. These compromised computers are under the total control of a BotMaster and form a BotNet that can be tasked with bombarding a web site with so much traffic it crashes. That is what is known as a distributed denial of service attack (DDoS). Two relatively new trends have emerged. Malware writers have begun to offer malicious software as a service to those who control BotNets and BotMasters are selling the services of the BotNets they control on a traffic generated by their BotNet basis. BotNets that are specifically created for DDoS attacks can be leased with costs ranging from $50 to $2,500 depending on the capacity used and the length of the attack. International law enforcement and militaries around the world are aware of and concerned about the widespread availability of cyber mercenaries or BotHerders (those who operate and sell BotNet capacity), and the fact that they have been hired by countries to do espionage and other dirty deeds.

The problem of botnets is an international problem; due to the decentralized nature of cyberspace, one can't simply name a country or countries responsible for eliminating a given threat. Botnets evolve quickly; their owners are a new type of cyber-criminal, and the issues of security have risen to global scope. Investigating and modeling botnets, as well as studying the psychological matters related to this type of cyber-attack, should now be a focus of the security concerns of any company carrying out its business on the Internet.

This article was brought to you by the developers of IPHost Network Monitor, network and server monitoring software.
