Invasion of the CPU Snatchers. Watch out!

Although the title of this installment of my series on the Top Ten Cyber Menaces for 2008 may seem humorous, this is a very serious cyber security issue. As I stated in Part 1 of this series, my goal is to raise awareness and to focus on the business impact of the CMW (Cyberspace Most Wanted) threats.

The CPU snatchers I refer to are the Botnets that are running out of control throughout the Internet. Bots are not a “new” cyber security phenomenon; they have been in cyberspace for several years. They have become more sophisticated and seem to be the preferred choice for crime ware activities today. Thus, security managers can no longer point to a well configured anti-virus system and say they are protected from malware. Even though a well-configured anti-virus system continues to be important, it is now only one component of total malware protection. New threats mean that new tools and new processes must be implemented for the network to stay protected.

What Are Bots?
A bot is a hacker attack tool that can be used to do anything you can do with a computer. They have been documented to spread as a worm from machine to machine, opening back door access to infected machines or planting code that can be activated later by a hacker called a "bot herder". Bot infections are very difficult to detect because they do not normally adversely affect the systems they infect. Bots on infected machines around the Internet can be linked together into massive "bot networks (botnet)". The danger lies in the potential for a hacker to use a botnet to highjack thousands of Internet computers and use them - like a great zombie army - for malicious purposes, such as a coordinated denial of service attack. The tools can also be used to search for stored passwords and other data on computers, such as credit card and social security numbers.

How Serious Is the Botnet Problem?
Security experts say it is difficult to predict how serious the potential bot threat is because it is hard to gauge how many Internet-connected machines are infected. Some botnets could be made up of anywhere from 10,000 to 400,000 machines.

The situation is further obscured by the fact that there are numerous variants of individual bots. According to security experts McAfee, there are 1,200 variants of Gaobot, more than 50 variants of Phatbot, and more than 900 of Agobot. Different bot variants may carry different payloads and be used for different purposes.

Systems under the control of a bot herder are used to:
• Conduct Spamming Campaigns
• Conduct Phishing Campaigns
• Harvest identity information
• Perform denial-of-service (DOS) and distributed denial-of-service attacks (DDOS)
• Infect other systems
• Distribute Malware and Crimeware
• Steal data from compromised systems and networks
• Conceal the activities of hackers
• Conduct "Clicks4Hire" campaigns
• Deploy key loggers that record every keystroke on the infected computer

Botnet Risk Mitigation
Botnets are a major weapon used by the bad guys to make cyberspace unsafe. There are many solutions and best practices available for small and medium sized businesses to lessen the risks of a botnet infection. There is a direct link between surfing the Internet and increasing your chances of your CPU being "snatched"! In Part 1 of this series, I discuss how cyber criminals are exploiting vulnerabilities in trusted websites to embed malware that infects users as they innocently browse these sites. Although there are some typical signs that your computer may be part of a botnet, detecting and cleaning botnets at the desktop is not a feasible solution to the problem because they are often too difficult to detect. It seems that the best defense against botnets is to protect your systems by defending the attacking entry points. Implement products like secure web gateways, intrusion detection and prevention, network antivirus and URL filters that prevent infection.

Lester Pierre is the CEO of Wall Street Network. If you find this article beneficial to your organization, and would like to learn more about cyber security, please contact him at lesterp@wsn.net.