Invasion of the botnets a real and urgent threat
- 12 September, 2007 22:00
In contrast to the spectacular computer virus outbreaks four years ago, today's attacks are subtle, discreet, carefully targeted and designed to stay below the radar of official security agencies. One form of these silent yet all-pervasive attacks involves marshalling unprotected home computers into unwitting electronic slave networks called botnets.
"The threats today are silent, low and slow," says Vincent Weafer, senior director, Symantec Security Response. "If you were to ask, what are the engines that are creating this, what you have over and over is botnets.
"It's the integration of home computers into botnets. It's largely home users, small businesses, not on large enterprise machines. If you look at the corporate world, you're not allowed onto a network unless you have a minimum level of security.
"A lot of botnets generate small amounts of traffic at a slower rate, so it's less noticeable. A lot of us are on unlimited usage, and they're designed not to be seen. This is why this is very difficult to eradicate; they're sitting just below the surface. So the challenge is working with the users, how do we all work together to eradicate it?"
Recent analysis of rogue code from criminal users suggests that about 93 per cent of attacks are targeted at vulnerable home users, large numbers of whom have only rudimentary computer security or no type of security at all.
On July 7, US telecommunications utility Verizon acquired a presence in the worldwide IT security business, completing the takeover of what used to be Cybertrust, now Verizon Business Security Solutions. Verizon's legacy from Cybertrust includes high-level security operations in Canberra, where the operation has a Highly Protected security clearance, and monitors incoming IT attacks, including those from botnets.
"We're now seeing attacks from all over the world," says John Karabin, general manager, federal government, for the rebadged Verizon. "Anywhere there's bandwidth and computers, you can see attacks coming. One of the advantages of being a global security company is that we see attacks being synchronised.
"Some of it is profit-based, some of it is ideological, some of it is other governments. You only have to wind back a couple of years, the attacks were much simpler."
One international group with a lot of nerve has recently been tangling with internet security group Websense Security Labs. It has been emailing US businesses about alleged consumer complaints from the Better Business Bureau, inviting them to click on a link to get details of the complaint.
Adding injury to insult, should the link be activated, it exposes the computer concerned to rogue code being downloaded from the illicit site.
The lack of polish in these particular intruders underlines another recent development, the burgeoning of internet market sites where offenders lacking technical expertise can buy internet tools from others to engage in illicit exploits.
These can be details of specific vulnerabilities to lists of compromised bank accounts or credit card numbers, and botnet operational tools with dropdown menus, bandwidth, quality and reliability guarantees, tuned for specific countries. If each of the bank accounts has, say, a guaranteed minimum $10,000 in them, the internet price is correspondingly greater.
The number one place to go for cybercrime tools would be an internet relay chat service, which is an internet facility for multi-conferencing, though it can also handle one-to-one transactions.
To deal with the phalanxes of botnets, comprehensive international action will be required, which means extensive international conferences and a long-running campaign to educate national politicians oblivious to the amount of damage that criminal and terrorist networks are doing to the internet.
This will entail laws aimed at illicit behaviour, targeting pump and dump stockmarket stings, mass cyber mailouts for the hardy perennials of counterfeit pharmaceuticals and exotic weight-reducing compounds (notably an African plant called hoodia), and the installation of malware on home computers without the knowledge of the owners.
One need is internationally accepted legal definitions of such illicit activity as keyloggers, trojans, viruses, worms, identity theft, adware, spyware and botnets, to make international law enforcement co-operation easier.
Ironically, one occasion for increases in botnets is when a country makes a drive to improve its broadband network, as international criminal groups are drawn to the increased capacity.
Only a multi-layer strategy - including network intrusion prevention, anti-virus, worm and trojan updates, anti-fraud software and sophisticated spam filters, and services to identify and clean infected computers - is likely to keep botnets under control.
Australian Financial Review
©Fairfax Business Media