In the last two years, Australia has become one of the prime locations for the launching of Internet-based attacks. Only China, Canada, and the US have more. A majority of these attacks have been put down to the increase in bot-infested machines seen in the country. "Unfortunately in Australia, being a well-connected society, we are a prime target," McAfee marketing director Alan Bell says. One of the biggest dangers in a well-connected society is that everyone can be at risk. He says both small and large businesses could find themselves targets of bot attacks, but it is the larger businesses that will see more damage inflicted.
"But the upside is, in Australia, these people do tend to be more protected. Here, only 25 percent of companies are running without adequate protection -- but the average user of a computer (your home user) does not have quite as much value on their system and would probably never think that they need to."
Small businesses, which use their computers in a limited capacity, tend to be the biggest liability when it comes to bots. They are generally targeted not for attacks, but instead as hosts, much the same as home computers. "Bot networks typically work off of unsuspecting computers, so most of the time people will not even know they are affected and will not see any need to protect against them," Australian Computer Emergency Response Team (AusCERT) senior security analyst Jamie Gillespie says.
But McAfee's Bell says small businesses should also be concerned. He says one simple attack could easily bring a business of this size down, with a loss of information ranging from customer lists to credit card details. "Many of these businesses think it will never happen to them because they are unknown [to the hackers]. But bots and those who control them aren't always looking for someone in particular. If a business is vulnerable it will get caught -- they won't always care how big a machine is. All they might want is your banking information."
Gillespie agrees. He says that when a bot launches a virus or disables the defences against one, most people will put the problem down to a virus before they look any further. "A bot can have strong similarities, and not appear to the user as anything else," Gillespie says.
"Software that is around for cleaning networks or preventing bot attacks is fairly expensive, it's proprietary and it is more of the big end of town that have the financial resources to protect themselves in this way. But as awareness and penetration of software reaches the market, the unit cost will come down and we will be able to eradicate more of these problems."

You forgot to point out that 99% of bots only affect Windows-based machines :) and something as simple as following a basic security model would stop most bots dead in their tracks.
Like most malicious applications in Windows, bots need to write registry values into the Windows registry; a normal user account only has write access to HKEY_CURRENT_USER, which isn't enough to cause any serious damage to the operating system, and this also greatly simplifies removal.
While I agree with the approach both yourself and Gibson have taken (scare tactic), I think you really should have been more emotive and stressed user education. Believe it or not, it's not impossible to take down a botnet, and next to other attack types such as DRDOS (distributed reflected denial of service) and DEDOS (distributed email denial of service), botnets can be considered small fry.
I believe everyone in the chain needs to do their part to help solve this problem. ISPs monitor ICMP and UDP activities, which are normally related to botnet floods; most even egress filter these days to stop s****ing. Software vendors are constantly improving default security policies or providing updates to ensure machines aren't as easily infected. We as end users need to do as much as we can to secure our machines regardless of operating system. With higher security awareness and education come "more" secure machines; remember, there can't be botnets without insecure machines.
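The commenter's point above, that a standard user account can write only to HKEY_CURRENT_USER, can be checked directly. The following PowerShell script is an added example, not code from the article or the commenter: it lists the standard Run and RunOnce autostart values in both the HKCU and HKLM hives (the usual registry locations for start-up persistence) and reports whether the current account could write to each key. Write access is probed by opening the key for writing, which modifies nothing; run it as a standard user and again from an elevated prompt to see the difference.

```powershell
# Added example: inventory Run/RunOnce autostart entries and test hive write access.
# Assumes Windows PowerShell 5.1 or later; the subkey paths are the standard Run keys.
$subKey     = 'Software\Microsoft\Windows\CurrentVersion\Run'
$subKeyOnce = 'Software\Microsoft\Windows\CurrentVersion\RunOnce'
$hives = @(
    @{ Name = 'HKCU'; Key = [Microsoft.Win32.Registry]::CurrentUser },
    @{ Name = 'HKLM'; Key = [Microsoft.Win32.Registry]::LocalMachine }
)

function Test-KeyWritable {
    param([Microsoft.Win32.RegistryKey]$Hive, [string]$Path)
    try {
        # Request write access; OpenSubKey throws SecurityException when denied
        # and returns $null when the key does not exist. Nothing is written.
        $k = $Hive.OpenSubKey($Path, $true)
        if ($null -eq $k) { return $false }
        $k.Close()
        return $true
    } catch [System.Security.SecurityException] {
        return $false
    }
}

function Get-AutostartEntries {
    param([Microsoft.Win32.RegistryKey]$Hive, [string]$Path)
    $k = $Hive.OpenSubKey($Path)   # read-only handle
    if ($null -eq $k) { return @() }
    try {
        foreach ($name in $k.GetValueNames()) {
            [pscustomobject]@{ Name = $name; Command = $k.GetValue($name) }
        }
    } finally {
        $k.Close()
    }
}

foreach ($h in $hives) {
    foreach ($path in $subKey, $subKeyOnce) {
        $writable = Test-KeyWritable -Hive $h.Key -Path $path
        "{0}\{1}  (writable by current user: {2})" -f $h.Name, $path, $writable
        Get-AutostartEntries -Hive $h.Key -Path $path |
            ForEach-Object { "    {0} -> {1}" -f $_.Name, $_.Command }
    }
}
```

As a standard user the HKLM keys report not writable while the HKCU keys report writable, which is why user-level persistence and its cleanup are confined to the current user's hive, while an elevated session reports all four as writable.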