Battle of the bots

By Penny Jones, ZDNet Australia
21 February 2005 05:16 PM
Tags: search, virus, business, t&b, destroy, robot, battle, bots

Contents
Introduction
What are they?
Taking a gamble
An Australian story
Attacking the bots
Sidebar: Getting to the bottom of bots
Sidebar: Bot facts
Sidebar: Keeping your botside covered

What are they?
The bots that are terrorising us today are programs, and they have been around for quite a while in far more benign forms. The earliest bots were used to create virtual opponents in video games or to spider Web sites. One of the earliest, the Eggdrop bot, was written in 1993 to help manage channels on Internet Relay Chat (IRC).

As bots grew more sophisticated, some of their creators put them to more sinister uses. Today a bot can be installed covertly on a target system; once it is there, an unauthorised user can take control of that system and issue malicious instructions to it, or to an entire group of bots the controller has assembled.

They have recently been used to launch viral attacks, extort money from companies, and send spam from your machine, without the owner being aware they are there. Bot business has suddenly come to mean big money. In the same corners of the Internet where porn, fake Rolex watches and promises of cheap Viagra lurk, you can find a black market for bad bots.

According to Symantec security response team senior director Vincent Weafer, bots hidden on your machine can be put to a range of dirty deeds, netting their controllers up to AU$100 an hour. An individual bot can disable virus protection and let further malicious code in, while an army of bots can flood a system with sheer volume of traffic and bring a business -- particularly an online operator -- down. Many of these bot services are openly offered over the Internet to anyone willing to pay.

"The [malicious] motivation behind the launch of bot attacks can vary between profit and distortion," Weafer says. The controller of a bot can say 'I am going to do a Distributed Denial of Service [DDoS] attack on you unless you pay me money'. One sector where this scam is common is online gambling sites.

"Bots are also certainly seen as a tool for the relay of spam, or they can be used to gain credit card information and to store illegal material on people's machines... bots really are dangerous because they can use machines for so many different purposes. In many cases bot networks themselves are available for rent at a per-hour amount. This depends on the number of machines or bandwidth types. One we pulled off had about 220 bots that had been sold for AU$800 a week; another had bots on 9000 machines. The average network amount is 2.5 cents per bot per week. Rental is very low, so it makes sense to use bots for extortion or for spamming," he adds.


Talkback 1 comments

    You forgot to point out that 9 ...Anonymous -- 22/02/05

    You forgot to point out that 99% of bots only affect Windows-based machines :) and something as simple as following a basic security model would stop most bots dead in their tracks.

    Like most malicious applications in Windows, bots need to write values into the Windows registry; a normal user account only has write access to HKEY_CURRENT_USER, which isn't enough to cause any serious damage to the operating system. This also greatly simplifies removal.

    While I agree with the approach both yourself and Gibson have taken (scare tactics), I think you really should have been more emotive and stressed user education. Believe it or not, it's not impossible to take down a botnet, and with other attack types such as DRDoS (distributed reflected denial of service) and DEDoS (distributed email denial of service), botnets can be considered small fry.

    I believe everyone in the chain needs to do their part to help solve this problem. ISPs monitor ICMP and UDP activity, which is normally related to botnet floods; most even egress filter these days to stop s****ing. Software vendors are constantly improving default security policies or providing updates to ensure machines aren't as easily infected. We as end users need to do as much as we can to secure our machines regardless of operating system. With higher security awareness and education come "more" secure machines; remember, there can't be botnets without insecure machines.
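The registry point raised in the comment above can be checked directly on a Windows machine. The PowerShell script below is an added example, not part of the ZDNet article or of the commenter's text. It assumes the standard Run and RunOnce autostart keys as the place a bot would write its persistence entry (one common location, not the only one), flags entries that launch from outside Program Files or the Windows directory, and probes whether the current account can write to each key. The 'ZDNetProbe' value name is the example's own; the probe briefly creates and deletes a value, so run it in a test account or virtual machine.

```powershell
# Added example (not from the ZDNet article or the commenter): audit the
# autostart keys a Windows bot typically writes to, and show what a
# non-admin account can and cannot write. Key list and the 'ZDNetProbe'
# value name are this example's own assumptions.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Executables under these roots are the expected case; anything launched
# from a user profile, temp directory or other odd location is worth a look.
$trustedRoots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:SystemRoot) |
    Where-Object { $_ } | ForEach-Object { $_.ToLowerInvariant() }

function Get-AutostartEntries {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Skip the PS* metadata properties Get-ItemProperty attaches.
            if ($p.Name -like 'PS*') { continue }
            $cmd = [string]$p.Value
            # Pull the executable path out of the command line (quoted or bare)
            # and expand %SystemRoot%-style variables before checking it.
            $exe = if ($cmd -match '^\s*"([^"]+)"') { $Matches[1] } else { ($cmd -split '\s+')[0] }
            $exe = [Environment]::ExpandEnvironmentVariables($exe)
            $exeLower = $exe.ToLowerInvariant()
            $trusted = $false
            foreach ($root in $trustedRoots) {
                if ($exeLower.StartsWith($root)) { $trusted = $true; break }
            }
            [pscustomobject]@{
                Key     = $key
                Name    = $p.Name
                Command = $cmd
                Exists  = if ($exe) { Test-Path -LiteralPath $exe } else { $false }
                Suspect = -not $trusted
            }
        }
    }
}

function Test-RunKeyWritable {
    param([string]$Key)
    # Create and immediately delete a harmless value. An access-denied
    # failure on the HKLM keys is the least-privilege behaviour the
    # commenter describes; a plain user should only succeed under HKCU.
    try {
        New-ItemProperty -Path $Key -Name 'ZDNetProbe' -Value 'probe' `
            -PropertyType String -ErrorAction Stop | Out-Null
        Remove-ItemProperty -Path $Key -Name 'ZDNetProbe' -ErrorAction SilentlyContinue
        return $true
    } catch {
        return $false
    }
}

Get-AutostartEntries | Format-Table -AutoSize

foreach ($key in $runKeys) {
    if (Test-Path $key) {
        "{0,-62} writable by {1}: {2}" -f $key, $env:USERNAME, (Test-RunKeyWritable $key)
    }
}
```

Run as a standard user, the HKLM probes should report False while the HKCU probes report True, which is exactly why a bot running in that account can only persist per-user and can be removed by clearing those HKCU values. Run from an elevated prompt, all four report True, illustrating how much more damage the same bot can do when users routinely work as administrators.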

