More Than 1 Million Bots On The Attack - InformationWeek
IoT
IoT
News
News
3/16/2005
02:57 PM
50%
50%

More Than 1 Million Bots On The Attack

At least a million machines are under the control of hackers worldwide, said security experts in Germany, indicating that the bot and botnet problem is worse than anyone thought.

At least a million machines are under the control of hackers worldwide, said security experts in Germany, indicating that the bot and botnet problem is worse than anyone thought.

Using only three computers as "honeypots," machines deliberately left open to attack, thus attracting hackers and their bots so researchers can capture data on their actions, German security analysts at Aachen University were able to identify more than 100 botnets during a three-month project. Those botnets ranged in size from only a few hundred compromised PCs to several of up to 50,000 systems.

The volume, the Honeynet Project researchers said, was staggering. Even using conservative estimates, they projected over a million PCs worldwide are currently under the control of hackers running botnets.

"That number wouldn't surprise me," said Ken Dunham, the director of malicious code research at iDefense, a Reston, Va.-based security intelligence firm.

The number of bots in attacker botnets is hard to pin down, added Dunham, but the figures cited by the Germans, he said, are probably conservative. "In just the last six months, the numbers of botnets surged from only a few hundred to over 6,000 total by our count," Dunham said. "It's not uncommon to see botnets with more than 50,000 PCs, so there could easily be a million or more total."

The largest botnet that iDefense has tracked was one in 2003 that controlled a whopping 120,000 machines.

These massive collections of compromised PCs are used by attackers primarily for profit, and are the root of most denial-of-service (DoS) attacks against corporate networks, the foundation of most spamming, as well as leveraged to infect other PCs with worms and viruses ("in most cases, botnets are used to spread new bots," wrote the researchers), to host the bogus Web sites that phishers rely on to trick users into giving up personal information, and to distribute spyware.

"The explosion of botnets is a huge problem," said Dunham.

The vast majority of botnets are made up of Windows systems, said the honeypot researchers. More than 80 percent of the traffic captured by the honeypot machines was directed at four ports used by common services in Windows, such as RPC (Remote Procedure Call) and the NetBIOS Name Service.

In fact, the bulk of the botnets were assembled using just a handful of exploits that take advantage of a few Windows vulnerabilities.

"It's the easy-to-use tools now available to hackers, as well as the source code for some exploits, that's behind the growth of botnets," said Dunham. "We've seen as many as a dozen exploit families, not exploits, but entire families, appear in just days after source code is made public. All [hackers] do is pick up [the code], and copy and paste."

As an example of the serious threat posed by botnets, the German researchers noted that a mid-sized botnet of 1,000 machines sports a combined bandwidth of more than 100 megabits per second, "higher than the Internet connection of most corporate systems," they wrote. That bandwidth can be put to many uses, including spamming and DoS attacks.

"You read what these guys post on their underground boards," said Dunham, "and they're claiming that all you need is 500 to 1,000 machines in a botnet, and you can take out the average corporate network with a denial-of-service attack."

The full report of the honeypot researchers is available on the Web here.

Comment  | 
Print  | 
More Insights
2018 State of the Cloud
2018 State of the Cloud
Cloud adoption is growing, but how are organizations taking advantage of it? Interop ITX and InformationWeek surveyed technology decision-makers to find out, read this report to discover what they had to say!
News
5 Data and AI Trends for 2019
Jessica Davis, Senior Editor, Enterprise Apps,  1/7/2019
Commentary
Act Now to Reap Automation Benefits Later
Guest Commentary, Guest Commentary,  1/3/2019
Commentary
Cloud Trends: Look Behind the Numbers
James M. Connolly, Executive Managing Editor, InformationWeekEditor in Chief,  12/31/2018
Register for InformationWeek Newsletters
Video
Current Issue
Enterprise Software Options: Legacy vs. Cloud
InformationWeek's December Trend Report helps IT leaders rethink their enterprise software systems and consider whether cloud-based options like SaaS may better serve their needs.
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll