Number of Bot-Infected PCs Skyrockets
The number of PCs compromised with software that lets cyber criminals control the machines from afar has more than quadrupled over the last quarter, security experts warn.
The estimates come from Shadowserver, a group of volunteers that monitor activity from robot networks or "botnets," large armies of hacked personal computers used for spam, phishing and all kinds of criminal activity. Shadowserver saw a rise from roughly 100,000 botted PCs to about 400,000 over the past three months.
John Bambenek, an incident handler with the SANS Internet Storm Center, which tracks hacking trends, speculates that the spike is probably related to the massive numbers of Web sites that have been hacked by SQL attacks, and seeded with browser exploits.
While those numbers might seem high, they suggest more of a recent upward trend in bot counts rather than an accurate picture of just how many compromised PCs are out there. In fact, numerous other security experts this year have spotted single botnets that include upwards of 350,000 compromised PCs. And by nearly all accounts, there are thousands of distinct botnets out there today under the thumb of criminal groups and individual hackers.
Shadowserver director Andre' M. DiMino said part of the apparent increase may be due to the fact that the group has been able to deploy more sensors to detect botnet attacks. But at the same time, he said, bad guys are getting better at hiding their bots.
Part of the visibility problem, DiMino said, is that criminals increasingly are moving to Web-based methods of controlling their herds. Traditionally, botnets were controlled by reporting in to an Internet relay chat network and awaiting commands. Most of Shadowserver's numbers come from peering into these IRC-based botnets and counting the number of bots reporting for duty. Instead of reporting in and remaining at IRC control networks, many of today's bots are controlled via Web sites, and only periodically do the bots stop by the site to see if any new instructions have been issued by the bot controllers. Unfortunately for groups like Shadowserver, Web-based botnets make it difficult to track just how many infected PCs may be part of the herd.
"Now, you can't draw a conclusion as to typical botnet size the way you could earlier," DiMino said.
Web-based botnets introduce a few key improvements over IRC-based botnets. Most importantly, any communication between the controlling Web site and the hacked PCs looks like ordinary Web traffic, and so tends to be let in and out of network firewalls without raising alarms. While IRC-based botnet controllers often struggle under the load of traffic from maintaining constant communication with thousands of bots simultaneously, Web-based botnets only require bots to check in briefly every 30-60 minutes or so, DiMino said.
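The periodic check-in DiMino describes is also what gives a Web-based bot away in an organization's proxy logs: people browse in bursts, bots call home on a schedule. As an added detection example (not part of the article), the script below flags any client-to-host pair contacted at a near-constant interval inside the 30-60 minute window the text mentions; the log lines and host names are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed proxy log (not from the article): one client browses normal
# sites and also contacts one host at a steady ~45-minute interval.
SAMPLE_LOG = """\
2008-09-04T08:00:12 10.0.0.5 GET http://news.example.org/index.html
2008-09-04T08:15:00 10.0.0.5 GET http://cmd.example.net/check.php
2008-09-04T08:31:27 10.0.0.5 GET http://mail.example.com/inbox
2008-09-04T09:00:10 10.0.0.5 GET http://cmd.example.net/check.php
2008-09-04T09:22:51 10.0.0.5 GET http://news.example.org/story/2
2008-09-04T09:44:50 10.0.0.5 GET http://cmd.example.net/check.php
2008-09-04T10:30:00 10.0.0.5 GET http://cmd.example.net/check.php
2008-09-04T10:31:10 10.0.0.5 GET http://mail.example.com/inbox
2008-09-04T11:15:00 10.0.0.5 GET http://cmd.example.net/check.php
"""

LINE_RE = re.compile(r"^(\S+) (\S+) \S+ https?://([^/\s]+)")

def parse_log(text):
    """Group request timestamps by (client, host)."""
    visits = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            visits[(m.group(2), m.group(3))].append(
                datetime.fromisoformat(m.group(1)))
    return visits

def find_beacons(visits, min_hits=4, lo=1800, hi=3600, jitter=0.1):
    """Return {(client, host): period_s} for hosts contacted at a
    near-constant interval within [lo, hi] seconds (30-60 minutes)."""
    flagged = {}
    for key, stamps in visits.items():
        stamps = sorted(stamps)
        if len(stamps) < min_hits:
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = sum(gaps) / len(gaps)
        # Human browsing is bursty; a beacon's gaps cluster tightly around the mean.
        if lo <= mean <= hi and all(abs(g - mean) <= jitter * mean for g in gaps):
            flagged[key] = round(mean)
    return flagged

if __name__ == "__main__":
    for (client, host), period in find_beacons(parse_log(SAMPLE_LOG)).items():
        print(f"{client} -> {host}: checks in every ~{period}s")
```

Real bots add random jitter and real users leave tabs auto-refreshing, so in practice the `jitter` tolerance and `min_hits` threshold need tuning against your own traffic before the output is worth an analyst's time.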
So, what can you do to make sure your computer doesn't become part of a botnet? Staying up to date with security patches for the operating system as well as Internet-facing applications -- such as media players and chat software -- is a good start.
Running the system under a "limited user" account for everyday use can block "drive-by" downloads, and otherwise prevent malicious software from getting its hooks into your system, or at least limit the damage that malware can do. This is more of an issue for Windows XP systems, which come configured to run under all-powerful administrator accounts by default. Windows Vista by default uses a standard account, and prompts the user for approval before allowing software to install. In my opinion, Vista tends to overdo the warnings, and doesn't force the user to enter her password before installing software, as does Mac OS X (which I believe has the more balanced and secure approach here).
Using anti-virus software and a firewall is key, but these programs won't save you from your own poor decisions. To that end, be extremely cautious with the programs you install on your system. My rule of thumb is: If you didn't go looking for it, don't install it. If you're not sure about whether a particular program is safe, do some basic research on it first. If a Web site you visit says you need to install or update a plug-in to view the content, download the plug-in from the source itself (i.e., Adobe's Web site, in the case of Flash or Adobe Reader, for example). If the site says you need to install a special video codec, chances are better than even that the site is trying to trick you into installing malicious software.
September 4, 2008; 8:58 AM ET