Battle of the bots

By Penny Jones, ZDNet Australia
21 February 2005 05:16 PM
Tags: search, virus, business, t&b, destroy, robot, battle, bots

Contents
Introduction
What are they?
Taking a gamble
An Australian story
Attacking the bots
Sidebar: Getting to the bottom of bots
Sidebar: Bot facts
Sidebar: Keeping your botside covered

Sidebar: Bot facts
  • The number of bot infections monitored by Symantec rose from under 2000 computers to more than 30,000 during the first half of 2004.
  • During the first six months of 2004, e-commerce was the most targeted sector across all attack types, including worm, virus and bot network attacks.

  • Gaobot (a network-aware bot that opens a backdoor, can be controlled through IRC channels and has many variants) was the second most common attack, accounting for four percent of all attacks, behind only the Slammer attack (15 percent). Its prevalence increased by 600 percent in the first six months of 2004.

  • Bot networks are expected to become even more sophisticated, employing better methods of control and attack synchronisation that will make bots more difficult to detect and locate.

  • Bot networks are often better able to exploit new vulnerabilities in systems than worms are, because they do not require propagation code.

  • Australia is believed to be fourth on the list of bot network attack origins, below the US, China and Canada, and just above Germany and Great Britain.


Talkback (1 comment)

    Anonymous -- 22/02/05

    You forgot to point out that 99% of bots only affect Windows-based machines :) and something as simple as following a basic security model would stop most bots dead in their tracks.

    Like most malicious applications in Windows, bots need to write registry values into the Windows registry; a normal user account only has write access to HKEY_CURRENT_USER, which isn't enough to cause any serious damage to the operating system. This also greatly simplifies removal.

    While I agree with the approach both yourself and Gibson have taken (scare tactic), I think you really should have been more emotive and stressed user education. Believe it or not, it's not impossible to take down a botnet, and with other attack types such as DRDOS (distributed reflected denial of service) and DEDOS (distributed email denial of service), botnets can be considered small fry.

    I believe everyone in the chain needs to do their part to help solve this problem. ISPs monitor ICMP and UDP activities, which are normally related to botnet floods; most even egress filter these days to stop s****ing. Software vendors are constantly improving default security policies or providing updates to ensure machines aren't as easily infected. We as end users need to do as much as we can to secure our machines regardless of operating system. With higher security awareness and education comes "more" secure machines; remember, there can't be botnets without insecure machines.
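As an added example (not from the article or the commenter), a PowerShell audit a Windows user can run from a non-elevated session: it lists the current autorun entries under the standard HKCU and HKLM Run keys and reports whether the current account can write to each, illustrating the HKCU-only write access the comment describes. Key paths are the standard Run/RunOnce locations; nothing here is taken from the article.

```powershell
# Added example: audit the registry autorun locations bots commonly use for
# persistence, and show which of them the current (non-admin) account can write.
# Runs from an ordinary PowerShell session; it makes no changes to the registry.

$runKeys = @(
    @{ Hive = 'HKCU'; SubKey = 'Software\Microsoft\Windows\CurrentVersion\Run' },
    @{ Hive = 'HKCU'; SubKey = 'Software\Microsoft\Windows\CurrentVersion\RunOnce' },
    @{ Hive = 'HKLM'; SubKey = 'Software\Microsoft\Windows\CurrentVersion\Run' },
    @{ Hive = 'HKLM'; SubKey = 'Software\Microsoft\Windows\CurrentVersion\RunOnce' }
)

function Get-AutorunEntries {
    # Enumerate every value under each Run/RunOnce key as Name => Command.
    foreach ($k in $runKeys) {
        $path = "$($k.Hive):\$($k.SubKey)"
        if (-not (Test-Path $path)) { continue }
        $props = Get-ItemProperty -Path $path
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip provider metadata
            [pscustomobject]@{ Hive = $k.Hive; Key = $k.SubKey; Name = $p.Name; Command = $p.Value }
        }
    }
}

function Test-KeyWritable {
    # Ask the registry API for a writable handle; a normal user gets one for
    # HKCU but is refused for HKLM, which is the distinction the comment draws.
    param([string]$Hive, [string]$SubKey)
    $root = if ($Hive -eq 'HKLM') { [Microsoft.Win32.Registry]::LocalMachine }
            else                  { [Microsoft.Win32.Registry]::CurrentUser }
    try {
        $key = $root.OpenSubKey($SubKey, $true)   # $true = request write access
        if ($null -eq $key) { return $false }     # key absent
        $key.Close()
        return $true
    } catch {
        return $false                              # access denied
    }
}

Get-AutorunEntries | Format-Table -AutoSize
foreach ($k in $runKeys) {
    '{0}\{1} writable by {2}: {3}' -f $k.Hive, $k.SubKey, $env:USERNAME,
        (Test-KeyWritable -Hive $k.Hive -SubKey $k.SubKey)
}
```

Run it once as a standard user and once from an elevated prompt to see the HKLM results change; any unfamiliar Command value in the listing is a candidate for investigation.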
