For Australian businesses such as Professional Punter, a small site that makes money off the sale of gambling tips, bots are real-world threats. "In gambling, bot attacks are well-known and viewed in a pretty bad light," Professional Punter managing director Guy West says.
And while his business knows about bots, which have made extortion attacks on larger bookmaking sites such as Centrebet and Canbet, it certainly can't afford the level of security it says it requires to ensure an attack will not happen to it.
"We just have to grin and bear it," West says. "We have to take the normal precautions with our firewalls, antivirus software, and be careful opening attachments but I don't think we would have the right security to cope with a sophisticated attack. But then again we don't really have the money to make huge extortion payments. I think only the big companies can really afford to take it seriously."
UK betting site Betfair disagrees. It made a desperate plea on 29 November 2004 to its government and industry organisation, asking them to heighten awareness of DDoS attacks and to step up the fight against them, saying that while they have only affected a handful of larger businesses so far, any company relying on the Web for transactions is ultimately at risk. Online travel sites, book vendors and healthcare systems could all just as easily be targets of bot attacks, Betfair CTO David Yu says.
Betfair says it has been targeted by Web-based criminals and has been a victim of DDoS attacks on three separate occasions, with hackers flooding its servers with mail sent from botnets, which often lurk on small business and home computers.
"Big governments are dying to prosecute these guys because they're a pain in the neck... they're really causing trouble."
It has been suggested bot networks have also been launched by competitors or opponents in business, and that not all attackers have money on the mind -- some simply want to cause a little chaos. Whatever the motive, all those on the receiving end of a bot attack need to realise the implications. Unfortunately, many in business still do not.






You forgot to point out that 99% of bots only affect Windows-based machines :) and something as simple as following a basic security model would stop most bots dead in their tracks.
Like most malicious applications in Windows, bots need to write registry values into the Windows registry; a normal user account only has write access to HKEY_CURRENT_USER, which isn't enough to cause any serious damage to the operating system. This also greatly simplifies removal.
While I agree with the approach both yourself and Gibson have taken (scare tactic), I think you really should have been more emotive and stressed user education. Believe it or not, it's not impossible to take down a botnet, and with other attack types such as DRDOS (distributed reflected denial of service) and DEDOS (distributed email denial of service), botnets can be considered small fry.
I believe everyone in the chain needs to do their part to help solve this problem. ISPs monitor ICMP and UDP activities which are normally related to botnet floods; most even egress filter these days to stop s****ing. Software vendors are constantly improving default security policies or providing updates to ensure machines aren't as easily infected. We as end users need to do as much as we can to secure our machines regardless of operating system. With higher security awareness and education comes "more" secure machines; remember, there can't be botnets without insecure machines.