A botnet is a collection of compromised (infected) computers under the collective control of remote attackers. The malware on the infected computer is known as a bot, a type of backdoor or remote access trojan (RAT). Bots communicate with botnet command and control (C&C) servers, enabling the remote attacker to update existing infections, push new malware, or instruct the infected computer to carry out specific tasks. In general, the presence of the bot gives the remote attacker the same abilities as the legitimate logged-in user.
Botnets are used for everything from delivering spam and phishing attacks to data theft and distributed denial-of-service attacks. Most botnets sell 'space' or 'services' on the botnet to bidders who may then deliver additional malware or use it for additional malicious purposes. These botnets-for-hire make it difficult to define what any specific botnet is intended to do, as that intent may change depending on the bidder.
Common botnets include the following:
• Asprox Botnet
• Gumblar Botnet
• Koobface Botnet
• Mariposa Botnet
• Storm Botnet
• Waledac Botnet
• Zeus Botnet
Are You in a Botnet?
A botnet is a collection of infected computers under the control of one or more attackers. These botnets are used for a variety of criminal purposes – all of which pose serious risk to the infected user as well as to the entire Internet community.
Once your computer is under the control of a botnet, it may be used to spam others, host phishing sites and other illicit files, infect or attack others, or have adware and spyware foisted on it so the attackers can collect from various affiliate advertising programs.
Even worse, many of today’s threats include keylogging capabilities. Of special interest to the attackers are your personal financial details – once stolen they are used for everything from credit card fraud to outright identity theft. In short, it’s not just your computer at risk – it’s your wallet.
The Botnet Population is Huge
According to a study by McAfee, "at least 12 million computers around the world (are) compromised by botnets." That means the botnet operators are controlling a population roughly the size of Guatemala. In fact, the number of infected systems would place it at about 70 out of 230 sovereign states and territories. More than Greece, bigger than Hungary, Belgium, Portugal or Cuba, and just a million behind Zimbabwe and Ecuador. The Czech Republic, Bolivia, Sweden, and the Dominican Republic would all be smaller.
While broadband users are favorite targets, dial-up users are equally vulnerable. Various studies have demonstrated that an unpatched, unprotected system can be compromised in as little as 5 minutes online. And if you're thinking it can't happen to you, think again.
It's All About the Money
Viruses, worms, and Trojans have evolved far beyond the childish pranks of yesteryear. Today's attackers are serious criminals - in it for the money - and your system spells international currency. Botnet operators get somewhere between 15 and 40 cents per infected computer, which means they need thousands of infected computers to make serious cash. And with all the focus on money, and not on notoriety, you can bet they'll make every effort to stay under your radar and get onto your system.
To ensure the greatest chance of survival, malware authors routinely submit their creations to online scanners. They repeat this process over and over again, until they've successfully created a virus, worm, or Trojan that the scanner won't detect. And that's the one they'll use to attack your system.
This means the vast majority of new viruses, worms, Trojans and other malicious software may not be detected by most antivirus or antispyware scanners until after (a) they've been discovered and (b) you've applied the necessary updates. But the malware authors have a trick for this, too. They also craft their malicious code to cripple the scanners such that the necessary updates may never take place.
Become Actively Engaged in Your Own Security
This isn't to say that antivirus isn't needed. Antivirus software is a must - and on a properly managed system, it's invaluable. But it's not a panacea and if it's your only line of defense, chances are it will be breached. Security isn't a passive endeavor and to stay secure you must become actively engaged in your own protection.
Achieving good computer security can seem like a daunting task. Fortunately, following the few simple steps outlined below can provide a good measure of security in very little time.
Use antivirus software and keep it updated. You should check for new definition updates daily. Most antivirus software can be configured to do this automatically.
Install security patches. Vulnerabilities in software are constantly being discovered and they don't discriminate by vendor or platform. It's not simply a matter of updating Windows; at least monthly, check for and apply updates for all software you use.
Use a firewall. No Internet connection is safe without one. Firewalls are necessary even if you have a dial-up Internet connection - it takes only minutes for a non-firewalled computer to be infected.
• Free ZoneAlarm Firewall
• Using the Windows Firewall
Secure your browser. Many labor under the dangerous misconception that only Internet Explorer is a problem. It's not the browser you need to be concerned about. Nor is it a matter of simply avoiding certain 'types' of sites. Known, legitimate websites are frequently being compromised and implanted with malicious JavaScript that foists malware onto visitors' computers. To ensure optimum browsing safety, the best tip is to disable JavaScript for all but the most essential of sites - such as your banking or regular ecommerce sites. Not only will you enjoy safer browsing, you'll be able to eliminate unwanted pop-ups as well.
Take control of your email. Avoid opening email attachments received unexpectedly - no matter who appears to have sent them. Remember that most worms and trojan-laden spam try to spoof the sender's name. And make sure your email client isn't leaving you open to infection. Reading email in plain text offers important security benefits that more than offset the loss of pretty colored fonts.
Treat IM suspiciously. Instant Messaging is a frequent target of worms and trojans. Treat it just as you would email.
Avoid P2P and distributed filesharing. Torrent, Kazaa, Gnutella, Morpheus and at least a dozen other filesharing networks exist. Most are free. And all are rife with trojans, viruses, worms, adware, spyware, and every other form of malicious code imaginable. There's no such thing as safe anonymous filesharing. Avoid it like the plague.
Keep abreast of Internet scams. Criminals think of clever ways to separate you from your hard earned cash. Don't get fooled by emails telling sad stories, or making unsolicited job offers, or promising lotto winnings. Likewise, beware of email masquerading as a security concern from your bank or other eCommerce site.
Don't fall victim to virus hoaxes. Dire-sounding email spreading FUD about non-existent threats serves only to spread needless alarm and may even cause you to delete perfectly legitimate files in response.
Remember, there's far more good than bad on the Internet. The goal isn't to be paranoid. The goal is to be cautious, aware, and even suspicious. By following the tips above and becoming actively engaged in your own security, you'll not only be protecting yourself, you'll be contributing to the protection and betterment of the Internet as a whole.