Hackers return fire at security patches

Steven Deare, ZDNet Australia
20 September 2005 08:37 AM
Hackers have hit back against major security patches issued by the likes of Microsoft, with a marked rise in self-installing robot programs that allow an unauthorised user to control a computer remotely.

In a report on robot program ('bot') activity for the period January 1 to June 30 2005, Internet security vendor Symantec found an average of 10,352 bots online per day.

This compared with an average of 5,000 bots per day around December 2004.

Bot networks are compromised computers on which attackers have installed software that listens for and responds to commands -- commonly over a chat channel -- allowing remote control of the computers.

The rise in bot activity follows the release of Microsoft's Service Pack 2 in August 2004, a free download issued by the vendor to combat a range of security exploits. Prior to its release, 30,000 bots per day had been recorded in July 2004.

The 2005 rise was a sign that hackers and malicious users were fighting back against vendor patching, according to the report.

"It is likely that bot network owners have been required to modify their attack methods in order to maintain viability in the face of these changes," the report said.

Coinciding with the rise in bots, the report found denial of service (DoS) attacks jumped by 680 percent in the same period, to an average of 927 per day. Bot networks are commonly used to execute DoS attacks.

"This increase in DoS activity is largely due to the corresponding increase in bot network activity. It may be related, at least in part, to financial motivation, as DoS attacks have been reported in extortion attempts," the report said.

Symantec also found such bot networks were available for hire. The report detailed an example from a chat service, whereby a bot network owner advertised the size, capacity and price of the network he was offering. Customised bot binary code was available for between US$200 and US$300.

"These communications indicate that it is not uncommon for those who maintain control of these bot networks to provide full or partial access to the compromised systems for a fee," the report said.

The report was compiled via 24,000 sensors monitoring network activity in over 180 countries.

Talkback 2 comments

    SafeJaina -- 22/09/05 (in reply to #120121282)

    *sighs* Is the world ever going to be safe?

    MisleadingAnonymous -- 22/09/05

    This article is very misleading. It tries to portray the bot activity as a reaction to security patches and upgrades but presents no evidence that the criminals are doing anything they weren't already intent on doing.

    If anything, the updates, especially firewalls that reduce the effect of newly discovered vulnerabilities by keeping the ports hidden, have made it harder for the bot controllers. Much like the way security cameras have changed the difficulty of shoplifting. It hasn't eliminated the problem but it is a different fight than before.
