Monday, July 5, 2010

What in the world is a Bot?

[Image via Wikipedia, caption: "How a botnet works: 1. A botnet operator sends..."]

The computer vernacular has given us many terms, but "botnet" describes something that everyone should be aware of. Also known as ghostnets or zombie farms, botnets are used for the kinds of malicious activity this blog usually talks about. Individual computers are infected with a virus that places them under a command and control structure, turning them into "bots", short for robots. The virus can be delivered as simply as through an email or code on a website, and once installed it can be very difficult to detect and eradicate. The bot is then grouped together with other bots to perform malicious activity, such as sending out spam email or mounting "denial of service" attacks.
Now, while all of this may seem harmless, consider what is actually happening. Someone with bad intentions owns your machine more than you do, and uses it to attack the livelihood of others. These people can rent out their botnets to other criminals to send out spam, or use them for direct attacks on companies while demanding a ransom. These endeavors can be lucrative, so the practice continues.
Also consider that it can sometimes be state-sponsored terrorism or spying. The attack on the Dalai Lama started out among supporters of Tibet through an email hack and wound up infecting over 12,000 computers in many different countries' embassies and consulates. The Dutch police found a 1.5 million node botnet, and the Conficker virus created over 10 million bots around the world. Many of these networks have since scaled back to below 20,000 machines to elude detection, but big networks still exist and operate.
Aside from the things these systems are often used for, such as spam and credit card fraud, there are other implications that also bear looking at. The attack on the Pentagon in 2007 created immense collateral damage to machines around the world, mostly here in the US, as botnets ramped up and attacked the firewalls of the Pentagon. This created an immense slowdown of the internet as vulnerable systems were converted into soldiers in the attack. The spike in traffic went well over the normal 60TB of data that is moved on the internet each day, creating a global slowdown and disruption of everything from commerce and banking to every other use the internet has.
For now, these can be avoided quite simply with some basic maintenance of the average computer and its user:
1. Patches and Updates. Seems simple, but so often either overlooked or just not done.
2. Firewalls (Hardware and Desktop) are configured correctly and monitored.
3. Anti-virus is everywhere.
4. Policies, guidelines and procedures, and then education about those same items. It is helpful to write in a manual that a user should not pick up a found USB key and insert it into their company desktop. It's more helpful if the employee is told that the policy exists and why.
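Point 2 above says firewalls should be monitored, and the post opens with the two things bots are most often used for: sending spam and denial-of-service floods. The following added example (not from the original post) shows what that monitoring can look like in practice: it parses a small constructed firewall log in a hypothetical "time action src dst dport" format and flags internal hosts that behave like bots, either fanning out SMTP connections to many mail servers or hammering a single destination. The log lines, addresses and thresholds are all constructed for illustration.

```python
import re
from collections import defaultdict

# Hypothetical accept-line format: "<time> ACCEPT <src> <dst> <dport>"
LINE_RE = re.compile(r"^(\S+) ACCEPT (\S+) (\S+) (\d+)$")

# Constructed sample log: 10.0.0.7 fans SMTP out to five different mail
# servers (spam-bot pattern), 10.0.0.9 hits one web server repeatedly
# (flood pattern), and 10.0.0.5 is ordinary HTTPS browsing.
SAMPLE_LOG = """\
10:00:01 ACCEPT 10.0.0.5 203.0.113.10 443
10:00:02 ACCEPT 10.0.0.7 198.51.100.1 25
10:00:02 ACCEPT 10.0.0.7 198.51.100.2 25
10:00:03 ACCEPT 10.0.0.7 198.51.100.3 25
10:00:03 ACCEPT 10.0.0.7 198.51.100.4 25
10:00:04 ACCEPT 10.0.0.7 198.51.100.5 25
10:00:05 ACCEPT 10.0.0.9 192.0.2.8 80
10:00:05 ACCEPT 10.0.0.9 192.0.2.8 80
10:00:05 ACCEPT 10.0.0.9 192.0.2.8 80
10:00:06 ACCEPT 10.0.0.9 192.0.2.8 80
10:00:06 ACCEPT 10.0.0.5 203.0.113.10 443
"""

def parse(log_text):
    """Yield (src, dst, dport) for each well-formed line; skip the rest."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group(2), m.group(3), int(m.group(4))

def flag_bot_behaviour(log_text, smtp_fanout=5, flood_count=4):
    """Return {src: [reasons]} for hosts whose outbound traffic looks bot-like."""
    smtp_dsts = defaultdict(set)     # src -> distinct SMTP destinations
    pair_counts = defaultdict(int)   # (src, dst) -> number of connections
    for src, dst, dport in parse(log_text):
        if dport == 25:              # workstations rarely talk SMTP to many servers
            smtp_dsts[src].add(dst)
        pair_counts[(src, dst)] += 1
    flagged = defaultdict(list)
    for src, dsts in smtp_dsts.items():
        if len(dsts) >= smtp_fanout:
            flagged[src].append(f"outbound SMTP to {len(dsts)} distinct hosts")
    for (src, dst), n in pair_counts.items():
        if n >= flood_count:         # one source repeatedly hitting one target
            flagged[src].append(f"{n} connections to {dst}")
    return dict(flagged)

if __name__ == "__main__":
    for host, reasons in flag_bot_behaviour(SAMPLE_LOG).items():
        print(host, "->", "; ".join(reasons))
```

On the constructed sample this reports 10.0.0.7 for SMTP fan-out and 10.0.0.9 for the repeated connections, while the normal browsing host is left alone; on a real firewall the thresholds would be tuned against a baseline of the network's usual traffic.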
Another simple fix is to outsource your security. Many of the well-documented attacks are inside jobs. Rio Tinto in 2009 and Societe Generale in 2008 were both billion-dollar losses because the people inside the company had access, knowledge and privileges. By finding a trusted partner to handle either the total security defense, or to provide oversight of the internal resources, a savvy businessman can ensure that all threats, inside and out, are being carefully handled.
