[flalug] Have hackers recruited your PC?

From: smitty (a.smitty@verizon.net)
Date: Thu Mar 17 2005 - 13:08:48 EST


Story from BBC NEWS:
http://news.bbc.co.uk/go/pr/fr/-/2/hi/technology/4354109.stm

More than one million computers on the net have been hijacked to attack
websites and pump out spam and viruses.

The huge number was revealed by security researchers who have spent months
tracking more than 100 networks of remotely-controlled machines.

The largest network of so-called zombie networks spied on by the team was made
up of 50,000 hijacked home computers.

Data was gathered using machines that looked innocent but which logged
everything hackers did to them.

Quick attack

The detailed look at zombie or 'bot nets of hijacked computers was done by the
Honeynet Project - a group of security researchers that gather information
using networks of computers that act as "honey pots" to attract hackers and
gather information about how they work.

While 'bot nets have been known about for some time, estimates of how
widespread they are from security firms have varied widely.

To gather its information the German arm of the Honeynet Project created
software tools to log what happened to the machines they put on the web.

Getting the machines hijacked was worryingly easy. The longest time a Honeynet
machine survived without being found by an automatic attack tool was only a
few minutes. The shortest compromise time was only a few seconds.

The research found that, once compromised, machines tend to report in to chat
channels on IRC servers and await instructions from the malicious hacker
behind the tools used to recruit the machine.

Many well-known vulnerabilities in the Windows operating system were exploited
by 'bot net controllers to find and take over target machines.

Especially coveted were home PCs sitting on broadband connections that are
never turned off.

Use and abuse

The months of surveillance revealed that the different 'bot nets - which
involve a few hundred to tens of thousands of machines - are used for a
variety of purposes.

Many are used as relays for spam, to route unwanted adverts to PC users or as
launch platforms for viruses.

But the research team found that many are put to very different uses.

During the monitoring period, the team saw 'bot nets used to launch 226
distributed denial-of-service attacks on 99 separate targets. These attacks
bombard websites with data in an attempt to overwhelm the target.

Using a 'bot net of machines spread around different networks and nations
makes such attacks hard to defend against.

One DDoS attack was used by one firm to knock its competitors offline.

Other 'bot nets were used to abuse the Google Adsense program that rewards
websites for displaying adverts from the search engine. Some networks were
used to abuse or manipulate online polls and games.

Criminals also seem to be starting to use 'bot nets for mass identity theft,
to host websites that look like those of banks so confidential information
can be gathered and to peep into online traffic to steal sensitive data.

"Leveraging the power of several thousand bots, it is viable to take down
almost any website or network instantly," said the researchers. "Even in
unskilled hands, it should be obvious that 'bot nets are a loaded and
powerful weapon."

Published: 2005/03/17 10:41:27 GMT

© BBC MMV


