Botnets -- they're dangerous, deceptive, and very difficult to detect and deal with. What's more, according to recent surveys,
the botnet threat is growing, and growing rapidly.
Experts say it's imperative that enterprises become aware of the acute and growing dangers posed by botnets, and take decisive
and effective steps to counter them before it's too late.
But that's easier said than done as botnets are insidious, and use stealth as a key weapon.
Short for robot, a bot is a computer that has been compromised and brought under an attacker's remote control; a botnet is
a network of such computers. Once commandeered, these machines may be used for a range of nefarious purposes, including scanning
networks for other vulnerable systems, launching denial of service (DoS) attacks against a specified target, sending spam e-mail,
and logging keystrokes as a prelude to identity or password theft.
Botnets are generally created through spam e-mails or adware that leaves behind a software agent, also sometimes called a
"bot." Captured, or "botted," machines can be controlled remotely by the malware creator, referred to as the bot master or
bot herder.
If additional software has to be downloaded to complete the capture process, the bot does that first. "It may use any
mechanism -- FTP, PFTP, HTTP -- to install the software," explains Jim Lippard, director of information security operations
at network services provider Global Crossing, whose customers include more than 35% of the Fortune 500, as well as 700 carriers,
mobile operators and ISPs.
The next thing the bot does is call home. It would "usually do a DNS lookup on a particular name used by the miscreant for
that botnet. Then it will find the host for that name, and connect to it using standard Internet Relay Chat (IRC) protocol,"
Lippard says.
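The call-home sequence Lippard describes (a DNS lookup for the herder's name, then an IRC connection to the resolved host) leaves a footprint that a defender can look for in ordinary DNS and connection logs. The script below is an added illustration written for this article, not code from Network World or Global Crossing: it parses constructed sample log lines (the field layout is an assumption, not any product's format) and flags hosts whose IRC-port connection follows their own lookup of that address within a short window, plus IRC-port connections to addresses the host never resolved, which is what a hard-coded controller address looks like and which a name-based block list would miss.

```python
"""Correlate DNS lookups with follow-up IRC-port connections.

Added detection sketch for the call-home pattern described in the article.
All log lines are constructed for this example; the whitespace-separated
field layout is an assumption, not the format of any real log source.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta

# Common plaintext and TLS IRC ports; a site would tune this list.
IRC_PORTS = {6667, 6668, 6669, 6697}

# Constructed sample DNS log: time, client, "query", name, record type, answer.
DNS_LOG = """\
2024-05-01T10:00:01Z 10.0.0.5 query example-workstation-update.test A 203.0.113.10
2024-05-01T10:00:02Z 10.0.0.7 query www.example.com A 198.51.100.20
2024-05-01T10:00:05Z 10.0.0.9 query irc.example.net A 203.0.113.44
"""

# Constructed sample connection log: time, client, "->", dst_ip:port, protocol.
CONN_LOG = """\
2024-05-01T10:00:03Z 10.0.0.5 -> 203.0.113.10:6667 tcp
2024-05-01T10:00:04Z 10.0.0.7 -> 198.51.100.20:443 tcp
2024-05-01T10:00:06Z 10.0.0.9 -> 203.0.113.44:6697 tcp
2024-05-01T10:00:08Z 10.0.0.11 -> 203.0.113.99:6667 tcp
"""


@dataclass(frozen=True)
class DnsEvent:
    ts: datetime
    client: str
    name: str
    answer: str


@dataclass(frozen=True)
class ConnEvent:
    ts: datetime
    client: str
    dst_ip: str
    dst_port: int


def _ts(text: str) -> datetime:
    # fromisoformat() on older Pythons rejects a trailing "Z"; spell it out.
    return datetime.fromisoformat(text.replace("Z", "+00:00"))


def parse_dns_log(text: str) -> list[DnsEvent]:
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, _query, name, _rtype, answer = line.split()
        events.append(DnsEvent(_ts(ts), client, name, answer))
    return events


def parse_conn_log(text: str) -> list[ConnEvent]:
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, _arrow, dst, _proto = line.split()
        ip, port = dst.rsplit(":", 1)
        events.append(ConnEvent(_ts(ts), client, ip, int(port)))
    return events


def find_dns_then_irc(dns_events, conn_events, window_seconds=60):
    """(client, name, ip, port) for each IRC-port connection that follows,
    within the window, the same client's lookup resolving to that address."""
    window = timedelta(seconds=window_seconds)
    hits = []
    for c in conn_events:
        if c.dst_port not in IRC_PORTS:
            continue
        for d in dns_events:
            if (d.client == c.client and d.answer == c.dst_ip
                    and d.ts <= c.ts <= d.ts + window):
                hits.append((c.client, d.name, c.dst_ip, c.dst_port))
                break
    return hits


def find_irc_without_lookup(dns_events, conn_events):
    """IRC-port connections to an address the client never resolved by name."""
    resolved = {(d.client, d.answer) for d in dns_events}
    return [(c.client, c.dst_ip, c.dst_port) for c in conn_events
            if c.dst_port in IRC_PORTS and (c.client, c.dst_ip) not in resolved]


if __name__ == "__main__":
    dns, conns = parse_dns_log(DNS_LOG), parse_conn_log(CONN_LOG)
    for hit in find_dns_then_irc(dns, conns):
        print("lookup-then-IRC:", hit)
    for hit in find_irc_without_lookup(dns, conns):
        print("IRC with no lookup:", hit)
```

Both findings need a human or a reputation feed behind them: the second sample host above looked up a plainly named IRC server, which may be a legitimate chat user, so the value of the correlation is in surfacing the sequence, not in deciding guilt by itself.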
The larger a botnet, the more formidable the attack it can launch. For instance, when a botnet containing tens of thousands
of captured machines is used to launch a denial of service attack, the consequences can be serious and irreparable.