Botnets: Who Really "Owns" Your Computers?
 

May 17, 2005

Sometimes it's satisfying to leave the confines of the NOC and take a stroll through the cube farm, secure in the knowledge that the machines on your network are secure and in hand.

Except, perhaps, when they're not.

A "botnet" is a collection of computers that have been infected with remote-control software. An IRC "bot" is the software that a virus installs; the bot in turn connects to an IRC (Internet Relay Chat) server, which is the control plane for sending commands to the bots.

A typical botnet scenario involves thousands of compromised Windows machines and a single "attack" command issued by the owner of the botnet, resulting in once-innocent computers executing an attack on an unsuspecting Web site. This article will explore common methods of infection and the capabilities the bots have, for the sake of better understanding these perils.

When an unpatched Windows computer connects to the Internet, survival is an unlikely prospect. Within minutes, the computer can become infected with a trojan or virus that installs an IRC bot. The bot will immediately "phone home" by connecting to an IRC server, then stand by, awaiting commands. SANS has cited 24 minutes as the average amount of time a freshly installed Windows XP computer can last on the Internet before infection. If you're running a fresh install of MS-SQL server, the time is considerably shorter. Some have cited sub-minute survival times for new, unpatched SQL servers.
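
One way to spot the "phone home" described above, as an added example that is not part of the original article: flag internal hosts whose outbound TCP sessions open with the IRC client registration commands (NICK and USER, per RFC 1459), whatever port they use. The session records, addresses and the `allowed_hosts` parameter are constructed for illustration.

```python
import re
from collections import defaultdict

# IRC client registration (RFC 1459/2812): a client sends NICK and USER
# (optionally PASS first) before the server accepts any other command,
# so these appear in the first bytes of every IRC client session.
IRC_LINE = re.compile(rb"^(?::\S+ )?(PASS|NICK|USER|JOIN)\b", re.IGNORECASE)

def irc_commands(payload: bytes) -> set:
    """Return the IRC client commands found at line starts in a payload."""
    found = set()
    for line in payload.split(b"\n"):
        m = IRC_LINE.match(line.strip())
        if m:
            found.add(m.group(1).upper().decode())
    return found

def find_irc_clients(sessions, allowed_hosts=frozenset()):
    """Flag internal hosts whose outbound sessions begin with IRC registration.

    Requiring both NICK and USER, rather than matching on port, still reports
    a bot that connects to an IRC server on a non-standard port.
    """
    hits = defaultdict(list)
    for s in sessions:
        if s["src"] in allowed_hosts:  # hosts approved to run an IRC client
            continue
        cmds = irc_commands(s["payload"])
        if {"NICK", "USER"} <= cmds:
            hits[s["src"]].append((s["dst"], s["dport"], sorted(cmds)))
    return dict(hits)

# Constructed sample data: first client-to-server bytes of four sessions.
SAMPLE_SESSIONS = [
    {"src": "10.0.4.17", "dst": "198.51.100.23", "dport": 6667,
     "payload": b"NICK xk-48213\r\nUSER xk 0 * :xk\r\nJOIN #chan secret\r\n"},
    {"src": "10.0.4.52", "dst": "203.0.113.9", "dport": 8080,
     "payload": b"PASS hunter2\r\nNICK ab-99120\r\nUSER ab 0 * :ab\r\n"},
    {"src": "10.0.4.60", "dst": "192.0.2.80", "dport": 80,
     "payload": b"GET /user/nick HTTP/1.1\r\nHost: example.com\r\n\r\n"},
    {"src": "10.0.9.5", "dst": "198.51.100.23", "dport": 6667,
     "payload": b"NICK helpdesk\r\nUSER hd 0 * :IT helpdesk\r\n"},
]

if __name__ == "__main__":
    for host, conns in find_irc_clients(SAMPLE_SESSIONS, {"10.0.9.5"}).items():
        print(host, conns)
```
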

What Can They Do?

Botnets have various capabilities, including denial-of-service attacks, spam relaying, and theft of personal information; they can even start web servers on infected computers to aid in phishing attacks. These are all illegal activities, and definitely not something you want coming from your computer. There's nothing worse than receiving e-mail from a different company's security officer with evidence you've been attacking them or sending spam.

This article was first published on EnterpriseNetworkingPlanet.com.

 