More Than 1 Million Bots On The Attack - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
News
News
3/16/2005
02:57 PM
50%
50%

More Than 1 Million Bots On The Attack

At least a million machines are under the control of hackers worldwide, said security experts in Germany, indicating that the bot and botnet problem is worse than anyone thought.

At least a million machines are under the control of hackers worldwide, said security experts in Germany, indicating that the bot and botnet problem is worse than anyone thought.

Using only three computers as "honeypots," machines deliberately left open to attack, thus attracting hackers and their bots so researchers can capture data on their actions, German security analysts at Aachen University were able to identify more than 100 botnets during a three-month project. Those botnets ranged in size from only a few hundred compromised PCs to several of up to 50,000 systems.

The volume, the Honeynet Project researchers said, was staggering. Even using conservative estimates, they projected over a million PCs worldwide are currently under the control of hackers running botnets.

"That number wouldn't surprise me," said Ken Dunham, the director of malicious code research at iDefense, a Reston, Va.-based security intelligence firm.

The number of bots in attacker botnets is hard to pin down, added Dunham, but the figures cited by the Germans, he said, are probably conservative. "In just the last six months, the numbers of botnets surged from only a few hundred to over 6,000 total by our count," Dunham said. "It's not uncommon to see botnets with more than 50,000 PCs, so there could easily be a million or more total."

The largest botnet that iDefense has tracked was one in 2003 that controlled a whopping 120,000 machines.

These massive collections of compromised PCs are used by attackers primarily for profit, and are the root of most denial-of-service (DoS) attacks against corporate networks, the foundation of most spamming, as well as leveraged to infect other PCs with worms and viruses ("in most cases, botnets are used to spread new bots," wrote the researchers), to host the bogus Web sites that phishers rely on to trick users into giving up personal information, and to distribute spyware.

"The explosion of botnets is a huge problem," said Dunham.

The vast majority of botnets are made up of Windows systems, said the honeypot researchers. More than 80 percent of the traffic captured by the honeypot machines was directed at four ports used by common services in Windows, such as RPC (Remote Procedure Call) and the NetBIOS Name Service.

In fact, the bulk of the botnets were assembled using just a handful of exploits that take advantage of a few Windows vulnerabilities.

"It's the easy-to-use tools now available to hackers, as well as the source code for some exploits, that's behind the growth of botnets," said Dunham. "We've seen as many as a dozen exploit families, not exploits, but entire families, appear in just days after source code is made public. All [hackers] do is pick up [the code], and copy and paste."

As an example of the serious threat posed by botnets, the German researchers noted that a mid-sized botnet of 1,000 machines sports a combined bandwidth of more than 100 megabits per second, "higher than the Internet connection of most corporate systems," they wrote. That bandwidth can be put to many uses, including spamming and DoS attacks.

"You read what these guys post on their underground boards," said Dunham, "and they're claiming that all you need is 500 to 1,000 machines in a botnet, and you can take out the average corporate network with a denial-of-service attack."

The full report of the honeypot researchers is available on the Web here.

Comment  | 
Print  | 
More Insights
2018 State of the Cloud
2018 State of the Cloud
Cloud adoption is growing, but how are organizations taking advantage of it? Interop ITX and InformationWeek surveyed technology decision-makers to find out, read this report to discover what they had to say!
Slideshows
9 Steps Toward Ethical AI
Cynthia Harvey, Freelance Journalist, InformationWeek,  5/15/2019
Commentary
How to Assess Digital Transformation Efforts
Lisa Morgan, Freelance Writer,  5/14/2019
Commentary
Is AutoML the Answer to the Data Science Skills Shortage?
Guest Commentary, Guest Commentary,  5/10/2019
Register for InformationWeek Newsletters
Video
Current Issue
A New World of IT Management in 2019
This IT Trend Report highlights how several years of developments in technology and business strategies have led to a subsequent wave of changes in the role of an IT organization, how CIOs and other IT leaders approach management, in addition to the jobs of many IT professionals up and down the org chart.
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll