Computer Bots Adapt To New Technologies

Bots have come a long way from their meager beginnings in the early 1990s as novelty "robot" scripts that Unix programmers constructed to share innocuous information like time and temperature. A decade later, destructive bot programs are now written by cyberattackers to steal information from computers and launch spam or denial-of-service attacks. Next, a new breed of bot threatens to infect any network-connected system, including increasingly powerful mobile devices, voice-over-IP systems, and Web applications.

Although servers and other network-connected devices can be infiltrated by bots, PCs are the easiest and most common target because PC security is largely in the hands of PC users, who often engage in risky behavior by not updating their security software and by visiting Web sites infected with malware. PCs also are very predictable in their configurations, with most running some version of Windows. This is why cell phones and other mobile devices to date have been more difficult to co-opt: They largely use different operating systems.

"There's a lot of talk in the underground about a cell phone bot, but the drawback to creating one is that there's no monoculture in terms of a standard operating system," says Marcus Sachs, a deputy director in SRI International's computer science laboratory.

Bots have to be tuned to run on a particular device, so it's difficult to create a botnet army if the attacker has to write bots for a variety of mobile operating systems. BlackBerrys, iPods, and cell phones aren't yet ripe targets. "Once you have wireless iPods that are always connected, this becomes a larger target," he says.

Likewise, as VoIP systems become more widely deployed, they become more appealing to bot creators looking to manipulate voice traffic, either to take down servers or steal voice data. Online games also are an appealing target for bot makers to plant code that infects users' PCs. "The more connected we get, the more opportunities there are for something like this," Sachs says.

Multimodal attacks that combine Web application vulnerabilities and bots also are an emerging threat. Imagine an attacker using a cross-site scripting attack to plant malicious software on the browser of any user who visits a certain Web site. That malicious software could itself be a bot, or it could shut down a PC's defenses and allow a bot to be planted via an E-mail or network attack. "You could reprogram a wireless router to open it up for attacks by bots," says Bill Pennington, VP of operations for WhiteHat Security, a security vendor specializing in Web application security. "It's an elevation of the botnet idea."

Image by Ryan Etter

Return to main story, Beware The Bots