Bots may not have the same menacing exterior as the NS5 villain computer from I, Robot, and they may not be able to inflict the same physical damage, but bots are -- in a philosophical sense -- very much the same.
The term bot is in fact short for robot, which of course is something that performs a set of actions on behalf of a remote controller. Virtual bots are bits of code, controlled by malicious hackers, that sit on machines as "zombies" and perform actions as directed by their masters. A bot can connect to a service provider and apply for an e-mail address, providing false but seemingly genuine personal details for relevant fields -- just like automated form fillers.
McAfee marketing director for Asia-Pacific Alan Bell says it is best to look at bots as cultivated entities "because they are used again and again."
"Bots are also self adapting -- most viruses tend to be static whereas bots will pull down updates from Web sites so they can adjust their attack to whatever latest vulnerability is out there. If they cannot get one in one way, they will get it another. They also know how to keep a low profile so you won't notice them on your security report," Bell says.
Bots can also exist as a type of virus that floats around on your machine making back doors that allow people or other viruses to get in. In most cases they are used for the extraction of information, a trend that Sophos' head of technology Asia-Pacific, Paul Ducklin, says is simply a modern extension of early fax scams. They can also send spam e-mail, capture screens, and steal application serial numbers.
Bot networks can occupy a few to thousands, even tens of thousands, of computers that have linked bots installed. You can become a part of a bot network by opening a salubrious e-mail attachment or by picking up a virus, in which bots can be embedded, through Internet Relay Chat channels or peer-to-peer networks.
Once the bots in a network are installed, their master can awaken them at any given time, using your computer and others in the network to launch a Distributed Denial of Service (DDoS) attack, to send spam, or to spread viruses.
DDoS attacks are generally aimed at businesses that the hacker, or a client of the hacker, wants to bring down by rendering servers unusable with a flood of spam.





You forgot to point out that 99% of bots only affect Windows-based machines :) and something as simple as following a basic security model would stop most bots dead in their tracks.
Like most malicious applications in Windows, bots need to write registry values into the Windows registry; a normal user account only has write access to HKEY_CURRENT_USER, which isn't enough to cause any serious damage to the operating system. This also greatly simplifies removal.
While I agree with the approach both yourself and Gibson have taken (scare tactic), I think you really should have been more emotive and stressed user education. Believe it or not, it's not impossible to take down a botnet, and with other attack types such as DRDOS (distributed reflected denial of service) and DEDOS (distributed email denial of service), botnets can be considered small fry.
I believe everyone in the chain needs to do their part to help solve this problem. ISPs monitor ICMP and UDP activities which are normally related to botnet floods; most even egress filter these days to stop s****ing. Software vendors are constantly improving default security policies or providing updates to ensure machines aren't as easily infected. We as end users need to do as much as we can to secure our machines regardless of operating system. With higher security awareness and education comes "more" secure machines; remember, there can't be botnets without insecure machines.
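
The ISP-side controls mentioned in the comment above (watching ICMP and UDP volume, and egress filtering) can be sketched over outbound flow records. This is an added example, not part of the article or the reader's comment; the customer prefix, thresholds and flow records are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumption: address space assigned to the ISP's customers (documentation range).
CUSTOMER_PREFIXES = [ipaddress.ip_network("198.51.100.0/24")]
FLOOD_PROTOCOLS = {"icmp", "udp"}
PPS_THRESHOLD = 1000   # assumed packets/second per (source, destination) pair
WINDOW_SECONDS = 10    # assumed aggregation window

# Constructed outbound flow records: (start_second, src, dst, protocol, packets)
SAMPLE_FLOWS = [
    (0, "198.51.100.7", "203.0.113.9", "udp", 9000),
    (3, "198.51.100.7", "203.0.113.9", "udp", 8000),
    (4, "198.51.100.20", "203.0.113.50", "tcp", 40000),
    (5, "198.51.100.31", "203.0.113.9", "icmp", 120),
    (6, "192.0.2.44", "203.0.113.9", "udp", 500),
    (12, "198.51.100.7", "203.0.113.9", "udp", 300),
]

def is_customer_source(src):
    """True if the source address belongs to the network's own prefixes."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in CUSTOMER_PREFIXES)

def analyze(flows):
    """Return (egress_drops, flood_suspects) for outbound flow records."""
    egress_drops = []
    totals = defaultdict(int)  # (window, src, dst) -> ICMP/UDP packet count
    for start, src, dst, proto, packets in flows:
        # Egress filter: traffic leaving with a foreign source address is dropped.
        if not is_customer_source(src):
            egress_drops.append((src, dst))
            continue
        if proto in FLOOD_PROTOCOLS:
            totals[(start // WINDOW_SECONDS, src, dst)] += packets
    flood_suspects = sorted(
        (src, dst, window, count / WINDOW_SECONDS)
        for (window, src, dst), count in totals.items()
        if count / WINDOW_SECONDS > PPS_THRESHOLD
    )
    return egress_drops, flood_suspects

if __name__ == "__main__":
    drops, suspects = analyze(SAMPLE_FLOWS)
    for src, dst in drops:
        print(f"egress filter: drop {src} -> {dst} (source not in customer space)")
    for src, dst, window, pps in suspects:
        print(f"flood suspect: {src} -> {dst} window {window}: {pps:.0f} pps")
```

The TCP flow is ignored by the flood check however large it is, because the rule only counts the two protocols the comment names.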