Ask the Expert

Will the botnet threat continue?

Do you see botnets becoming a greater threat in 2007? Are there any new or emerging methods that seem to be especially effective in luring in victims?


Yes, I do. Botnets are collections of infected machines, often thousands or millions, that are under the control of a single attacker. On today's Internet, these are the bad guys' money-making machines. Attackers use botnets to drive advertising revenue with click-through ads. They can also steal credit card numbers for identity theft and spew spam for phishing attacks. Thus, based on the economics alone, I expect to see botnets become an even bigger issue in 2007.

Today, the most common method of luring victims into a botnet involves client-side exploitation, and I expect to see even more of it as we move through 2007. In these attacks, the bad guys send content via email or by hosting it on Web pages. This content, often Microsoft Word documents, PowerPoint presentations, PDF documents and the like, should not be executable. In these cases, the attacker's file is carefully formatted to exploit a vulnerability in the associated document-reading application. A huge number of vulnerabilities have been discovered in these applications recently.

Most users have been educated to avoid running attachments that contain executables, and many organizations' mail servers even filter out executable attachments. But with an exploit for a normal document-viewing application, any type of attachment can contain executable code. Thus, users who would never run a .exe might get infected by viewing a .doc, .ppt, PDF or other file type. It's a sad state of affairs, and I expect that we'll see much more of that infection vector in 2007.
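The filtering gap described in this answer, as an added example that is not part of the original answer or any product's code: a gateway-style attachment check that blocks executables by extension and by leading bytes, run over a constructed message. The extension list, verdict names and sample payloads (magic bytes plus padding only) are assumptions made for illustration.

```python
from email.message import EmailMessage

# Extensions a typical gateway blocks outright (illustrative list, an assumption).
BLOCKED_EXT = {".exe", ".scr", ".com", ".pif", ".bat"}
# Leading bytes of native executables and of common document containers.
EXEC_MAGIC = {b"MZ": "PE executable", b"\x7fELF": "ELF executable"}
DOC_MAGIC = {
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "OLE2 document (.doc/.ppt)",
    b"%PDF-": "PDF document",
}

def classify(filename, payload):
    """Return (verdict, reason) for one attachment."""
    ext = "." + filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext in BLOCKED_EXT:
        return "block", f"executable extension {ext}"
    for magic, kind in EXEC_MAGIC.items():
        if payload.startswith(magic):
            return "block", f"{kind} content behind {ext or 'no'} extension"
    for magic, kind in DOC_MAGIC.items():
        if payload.startswith(magic):
            # Well-formed container: this filter cannot tell benign from crafted.
            return "pass-unverified", f"{kind}; needs patched reader or sandbox"
    return "pass", "no executable markers"

def scan(msg):
    """Classify every attachment in a parsed message, keyed by filename."""
    results = {}
    for part in msg.iter_attachments():
        name = part.get_filename()
        results[name] = classify(name, part.get_payload(decode=True))
    return results

def build_sample():
    """Constructed message; payloads are header bytes plus padding, nothing functional."""
    msg = EmailMessage()
    msg["Subject"] = "Q1 figures"
    msg.set_content("See attached.")
    samples = [
        ("setup.exe", b"MZ" + b"\x00" * 62),
        ("photo.jpg", b"MZ" + b"\x00" * 62),  # executable renamed to look like an image
        ("report.doc", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 56),
        ("notes.pdf", b"%PDF-1.4\n"),
    ]
    for name, data in samples:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg

if __name__ == "__main__":
    for name, (verdict, reason) in scan(build_sample()).items():
        print(f"{name:12} {verdict:16} {reason}")
```

Both executables are stopped, including the renamed one, while the .doc and PDF come back as pass-unverified: an executable filter has nothing to match on in a document, so those files depend on a patched reader or further inspection downstream.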

More information:

  • DDoS attacks are still being launched from botnets. Ed Skoudis explains what ISPs are doing to combat them.
  • Are intrusion prevention systems enough to stop botnets?

This was first published in April 2007.
