Antivirus Firms Warn Of Growing 'Bot' Networks

Hackers are amassing a vast network of infected systems that could be used to steal personal information and launch large-scale denial-of-service attacks.

George V. Hulme, Contributor

May 13, 2004

2 Min Read
InformationWeek logo in a gray background | InformationWeek

While the recent Sasser worm attacks caught the attention of security professionals, security experts are warning that a more lethal and stealthy class of malicious applications are running amok throughout the Internet.

Known by many names, including "Agobot," "Polybot," and "Phatbot," these hacker-attack tools sometimes act as worms or even as backdoors into users' systems so hackers can control the systems or steal information. They're also often connected through what are known as "bot" networks, which are networks hackers can control to launch powerful denial-of-service attacks.

These bots use many software vulnerabilities within various versions of Microsoft's Windows operating system to infect unpatched systems. Many systems that weren't patched for the security flaw that Sasser used to infect systems, the Windows Local Security Authority Service Remote Buffer Overflow, also were infected with various versions of these bots.

Internet security researchers say it's difficult to pinpoint how many systems are infected with these applications. Alfred Huger, senior director of engineering at Symantec Security Response, said Thursday that one such bot network has reached up to 400,000 infected systems. "That's massive," says Huger, adding that if the hackers who control that network decided to attack a network or a Web site, the impact could be devastating. "I don't think you could so easily protect yourself against an attack of that magnitude," he says.

Craig Schmugar, virus research manager at McAfee Avert, said he estimates there are bot networks of between 10,000 and 100,000 infected systems.

Both Schmugar and Huger say these bots are more difficult to spot than typical viruses and worms, and anyone who was infected with the Sasser worm should thoroughly check their systems for potential infections from these bots.

"It's a big concern for businesses," Huger says. "These types of infections cross the lines of businesses and consumers. These bot networks can be used to steal confidential information from the infected machines, and it's a gaping security hole for anyone that telecommutes."

Schmugar says the virus writers have been prolific in creating variants of these bots. For instance, he says there are 1,200 variants of Gaobot and more than 50 variants of Phatbot known to exist, with 50 new variants of Gaobot appearing each week.

About the Author

George V. Hulme

Contributor

An award winning writer and journalist, for more than 20 years George Hulme has written about business, technology, and IT security topics. He currently freelances for a wide range of publications, and is security blogger at InformationWeek.com.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights