A Robot Network Seeks to Enlist Your Computer - NYTimes.com

[David Farber <dave () farber net>]

http://www.nytimes.com/2008/10/21/technology/internet/21botnet.html?_r=1&hp&oref=slogin


A Robot Network Seeks to Enlist Your Computer
By JOHN MARKOFF
REDMOND, Wash. — In a windowless room on Microsoft’s campus here, T.  
J. Campana, a cybercrime investigator, connects an unprotected  
computer running an early version of Windows XP to the Internet. In  
about 30 seconds the computer is “owned.”

An automated program lurking on the Internet has remotely taken over  
the PC and turned it into a “zombie.” That computer and other zombie  
machines are then assembled into systems called “botnets” — home and  
business PCs that are hooked together into a vast chain of cyber- 
robots that do the bidding of automated programs to send the majority  
of e-mail spam, to illegally seek financial information and to install  
malicious software on still more PCs.

Botnets remain an Internet scourge. Active zombie networks created by  
a growing criminal underground peaked last month at more than half a  
million computers, according to shadowserver.org, an organization that  
tracks botnets. Even though security experts have diminished the  
botnets to about 300,000 computers, that is still twice the number  
detected a year ago.

The actual numbers may be far larger; Microsoft investigators, who say  
they are tracking about 1,000 botnets at any given time, say the  
largest network still controls several million PCs.

“The mean time to infection is less than five minutes,” said Richie  
Lai, who is part of Microsoft’s Internet Safety Enforcement Team, a  
group of about 20 researchers and investigators. The team is tackling  
a menace that in the last five years has grown from a computer hacker  
pastime to a dark business that is threatening the commercial  
viability of the Internet.

Any computer connected to the Internet can be vulnerable. Computer  
security executives recommend that PC owners run a variety of  
commercial malware detection programs, like Microsoft’s Malicious  
Software Removal Tool, to find infections of their computers. They  
should also protect the PCs behind a firewall and install security  
patches for operating systems and applications.

Even these steps are not a sure thing. Last week Secunia, a computer  
security firm, said it had tested a dozen leading PC security suites  
and found that the best one detected only 64 out of 300 software  
vulnerabilities that make it possible to install malware on a computer.

Botnet attacks now come with their own antivirus software, permitting  
the programs to take over a computer and then effectively remove other  
malware competitors. Mr. Campana said the Microsoft investigators were  
amazed recently to find a botnet that turned on the Microsoft Windows  
Update feature after taking over a computer, to defend its host from  
an invasion of competing infections.

Botnets have evolved quickly to make detection more difficult. During  
the last year botnets began using a technique called fast-flux, which  
involved generating a rapidly changing set of Internet addresses to  
make the botnet more difficult to locate and disrupt.



..snip.. 

-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com