Botnets more dangerous than we realise

Mar 15, 2005: A new report has revealed that botnets are much more threatening than was first thought. The Honeynet Project analysed 226 attacks made on 99 different targets between November 2004 and January 2005.

According to the project, a botnet is a network of compromised machines that can be remotely controlled by attackers. A botnet can link tens of thousands of systems together and cause serious harm to the community.

The report, "Know your Enemy: Tracking Botnets", discovered that over 1 million hosts are controlled by hackers. It followed 100 active botnets, including that incorporated 50,000 compromised "zombie" machines.

Over three months, it discovered that 226,586 IP addresses were joined together to launch attacks.

The report states that attackers often target Class B networks or smaller net-ranges. "Once these attackers have compromised a machine, they install a so called IRC bot - also called zombie or drone - on it. Internet Relay Chat (IRC) is a form of real-time communication over the Internet. It is mainly designed for group (one-to-many) communication.

"We have identified many different versions of IRC-based bots, with varying degrees of sophistication and implemented commands, but all have something in common. The bot joins a specific IRC channel on an IRC server and waits there for further commands. This allows an attacker to remotely control this bot and use it for fun and also for profit. Attackers even go a step further and bring different bots together.

"Such a structure, consisting of many compromised machines which can be managed from an IRC channel, is called a botnet."
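The join-and-wait behaviour the report describes leaves a recognisable trace on the defender's side: several monitored hosts sit in the same IRC channel and never speak. The following is an added example, not code from the report or The Honeynet Project; the record format, the sample log and the `min_hosts` threshold are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sensor records: "<client> <server> <C|S> <raw IRC line>",
# where C = sent by the client and S = sent by the server.
SAMPLE_LOG = """\
10.0.0.11 203.0.113.9:6667 C NICK a11
10.0.0.11 203.0.113.9:6667 C JOIN #Chan1 key
10.0.0.12 203.0.113.9:6667 C JOIN #chan1 key
10.0.0.13 203.0.113.9:6667 C JOIN #chan1 key
10.0.0.12 203.0.113.9:6667 S :op!u@h PRIVMSG #chan1 :(operator text)
10.0.0.20 198.51.100.7:6667 C JOIN #linux
10.0.0.20 198.51.100.7:6667 C PRIVMSG #linux :anyone seen this error?
10.0.0.13 203.0.113.9:6667 S
"""

def parse_irc(raw):
    """Split one IRC line into (COMMAND, params), dropping any :prefix."""
    if raw.startswith(":"):
        raw = raw.partition(" ")[2]
    head, sep, trailing = raw.partition(" :")
    parts = head.split()
    if not parts:
        return "", []
    if sep:
        parts.append(trailing)
    return parts[0].upper(), parts[1:]

def silent_channels(log, min_hosts=3):
    """Return {(server, channel): [clients]} for channels where at least
    min_hosts monitored clients joined but never sent a message."""
    joined = defaultdict(set)  # (server, channel) -> clients that joined
    talked = set()             # (server, channel, client) that spoke
    for line in log.splitlines():
        fields = line.split(" ", 3)
        if len(fields) < 4 or fields[2] != "C":
            continue  # truncated record or server-to-client traffic
        client, server, _, raw = fields
        cmd, params = parse_irc(raw)
        for chan in (params[0].lower().split(",") if params else []):
            if not chan.startswith(("#", "&")):
                continue  # private message to a nick, "JOIN 0", etc.
            key = (server, chan)
            if cmd == "JOIN":
                joined[key].add(client)
            elif cmd == "PRIVMSG":
                talked.add(key + (client,))
    quiet = {k: sorted(c for c in v if k + (c,) not in talked)
             for k, v in joined.items()}
    return {k: v for k, v in quiet.items() if len(v) >= min_hosts}
```

A flagged channel is a lead for investigation rather than proof of compromise, since people also idle in busy channels.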

The botnet is used for distributed denial-of-service attacks, which involve taking down computer systems or networks to cause a lack of service to users; spamming; sniffing traffic to retrieve sensitive information like usernames and passwords; keylogging; spreading new malware; mass identity theft; attacking IRC chat networks; and installing advertisement add-ons and Browser Helper Objects.

Overall, the report concludes that some attackers are highly skilled and organised and potentially belong to organised crime structures. They also have the ability to take down almost any website or network instantly by using the power of several thousand bots.
