More Than 1 Million Bots On The Attack - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

02:57 PM

More Than 1 Million Bots On The Attack

At least a million machines are under the control of hackers worldwide, said security experts in Germany, indicating that the bot and botnet problem is worse than anyone thought.

At least a million machines are under the control of hackers worldwide, said security experts in Germany, indicating that the bot and botnet problem is worse than anyone thought.

Using only three computers as "honeypots," machines deliberately left open to attack, thus attracting hackers and their bots so researchers can capture data on their actions, German security analysts at Aachen University were able to identify more than 100 botnets during a three-month project. Those botnets ranged in size from only a few hundred compromised PCs to several of up to 50,000 systems.

The volume, the Honeynet Project researchers said, was staggering. Even using conservative estimates, they projected over a million PCs worldwide are currently under the control of hackers running botnets.

"That number wouldn't surprise me," said Ken Dunham, the director of malicious code research at iDefense, a Reston, Va.-based security intelligence firm.

The number of bots in attacker botnets is hard to pin down, added Dunham, but the figures cited by the Germans, he said, are probably conservative. "In just the last six months, the numbers of botnets surged from only a few hundred to over 6,000 total by our count," Dunham said. "It's not uncommon to see botnets with more than 50,000 PCs, so there could easily be a million or more total."

The largest botnet that iDefense has tracked was one in 2003 that controlled a whopping 120,000 machines.

These massive collections of compromised PCs are used by attackers primarily for profit, and are the root of most denial-of-service (DoS) attacks against corporate networks, the foundation of most spamming, as well as leveraged to infect other PCs with worms and viruses ("in most cases, botnets are used to spread new bots," wrote the researchers), to host the bogus Web sites that phishers rely on to trick users into giving up personal information, and to distribute spyware.

"The explosion of botnets is a huge problem," said Dunham.

The vast majority of botnets are made up of Windows systems, said the honeypot researchers. More than 80 percent of the traffic captured by the honeypot machines was directed at four ports used by common services in Windows, such as RPC (Remote Procedure Call) and the NetBIOS Name Service.

In fact, the bulk of the botnets were assembled using just a handful of exploits that take advantage of a few Windows vulnerabilities.

"It's the easy-to-use tools now available to hackers, as well as the source code for some exploits, that's behind the growth of botnets," said Dunham. "We've seen as many as a dozen exploit families, not exploits, but entire families, appear in just days after source code is made public. All [hackers] do is pick up [the code], and copy and paste."

As an example of the serious threat posed by botnets, the German researchers noted that a mid-sized botnet of 1,000 machines sports a combined bandwidth of more than 100 megabits per second, "higher than the Internet connection of most corporate systems," they wrote. That bandwidth can be put to many uses, including spamming and DoS attacks.

"You read what these guys post on their underground boards," said Dunham, "and they're claiming that all you need is 500 to 1,000 machines in a botnet, and you can take out the average corporate network with a denial-of-service attack."

The full report of the honeypot researchers is available on the Web here.

Comment  | 
Print  | 
More Insights
2020 State of DevOps Report
2020 State of DevOps Report
Download this report today to learn more about the key tools and technologies being utilized, and how organizations deal with the cultural and process changes that DevOps brings. The report also examines the barriers organizations face, as well as the rewards from DevOps including faster application delivery, higher quality products, and quicker recovery from errors in production.
Data Science: How the Pandemic Has Affected 10 Popular Jobs
Cynthia Harvey, Freelance Journalist, InformationWeek,  9/9/2020
The Growing Security Priority for DevOps and Cloud Migration
Joao-Pierre S. Ruth, Senior Writer,  9/3/2020
Dark Side of AI: How to Make Artificial Intelligence Trustworthy
Guest Commentary, Guest Commentary,  9/15/2020
Register for InformationWeek Newsletters
Current Issue
IT Automation Transforms Network Management
In this special report we will examine the layers of automation and orchestration in IT operations, and how they can provide high availability and greater scale for modern applications and business demands.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll