"Bots" Fastest Growing Malware Threat
Jul 3, 2007 12:45 PM
Predicting that bots will be the fastest growing malware threat of the year, Sana Security Inc., a behavioral security software company, issued a security warning to Internet users about the increasing danger posed by the malicious Web robots, and about the increasing use of a new, stealthy variant based on peer-to-peer technology that makes them even harder to detect and remove.
Already surpassing the 413 percent growth rate seen for rootkits last year, the bot problem, in Sana's view, has already become a significant area of focus for online tech support services, credit monitoring companies, and other organizations serving consumers.
While such malicious bots have posed a threat for many years, recent developments have caused more urgent concern. First, bot makers are now employing peer-to-peer technologies to enable bots to communicate amongst themselves and with the botmaster controlling them, making them "invisible" on the network and making bot networks much more difficult to track down and dismantle. Also, rootkit and stealth technologies such as polymorphism are being used more frequently to hide infections and frustrate removal.
Second, due to the boom in the number of people conducting commerce on the Internet, bots are engaging in more sinister and profit-oriented exploits, including identity theft, distributed denial of service attacks, password and username theft, click fraud, "phishing," key logging, generating spam email and even spreading other malware.
"Data collected by Sana shows that bots now represent 43 percent of all the malware we are observing in the wild, and we are confident that the growth in bots this year will far surpass the 413 percent growth rate for rootkits last year," says Don Listwin, CEO for Sana Security. "Most of the growth statistics out there fail to account for the rapid increase in the use of stealthy technologies such as P2P communications that hide these bots from the network detection methods used to compile these statistics, and these new bots are literally flying in under the radar."
Most recently, the FBI and the U.S. Department of Justice announced they had identified more than 1 million botnet crime victims in the United States as part of Operation Bot Roast, an ongoing and coordinated initiative to disrupt and dismantle these botnets. Operation Bot Roast was launched because the national security implications of the growing botnet threat are broad. "The majority of the victims are not even aware that their computers have been compromised or their personal information exploited," says FBI assistant director James Finch, who heads the FBI's Cyber Division.
The U.S. Department of Homeland Security calls bots and bot networks "one of the rising problems in today's networks," and says they can be found on all networks, including government and military, academic and corporate enterprise systems. According to the DHS, most malicious bots are not designed to act alone, but rather as a member of a bot network, or "botnet," and while some botnets have been seen with thousands of members, even a few hundred bots in a channel can cause significant damage. Bots are almost always placed on the victim's computer without the knowledge of the computer's owner, and remain silent until given commands, but some may "report for duty" with a word, phrase, or even a dot or period in a command channel.
YourTechOnline, a provider of 24-hour online technical support, reports that most computer users are not even aware that their systems have been compromised by bots. Usually it's when the customer begins to notice the performance of their system has degraded somewhat that YourTechOnline is called in to fix it. Only then do they find the customer's computer has become a "zombie" that has started working mindlessly for someone else.
An increasing number of these zombie computers have been enlisted as spam relays, and many of YourTechOnline's customers tell them their Internet service provider has locked their account until they get their computers cleaned up. Other customers' computers have been used by their botmasters to participate in distributed denial of service (DDoS) attacks.
"Users probably don't realize that by allowing their computers to become part of a DDoS attack, they may be committing a federal offense, and it's the responsibility of all computer users to verify that their computer has not become hijacked by this kind of malware," says Dhugael McLean, chief technology officer for YourTechOnline.
© 2015 Penton Media Inc.