"A botnet is comparable to compulsory military service for windows
boxes" - Stromberg
(http://project.honeynet.org/papers/bots/)
Botnets are networks of computers that hackers have infected and
grouped together under their control to propagate viruses, send illegal spam,
and carry out attacks that cause web sites to crash.
What makes botnets exceedingly bad is the difficulty in tracing them
back to their creators as well as the ever-increasing use of them in extortion
schemes. How are they used in extortion
schemes? Imagine someone sending you
messages to either pay up or see your web site crash. This scenario is starting
to replay itself over and over again.
Botnets can consist of thousands of compromised machines. With such a
large network, botnets can use Distributed denial-of-service (DDoS) as a method
to cause mayhem and chaos. For example a small botnet with only 500 bots can
bring corporate web sites to there knees by using the combined bandwidth of all
the computers to overwhelm corporate systems and thereby cause the web site to
appear offline.
Jeremy Kirk, IDG News Service on January 19, 2006, quotes Kevin Hogan,
senior manager for Symantec Security Response, in his article "Botnets
shrinking in size, harder to trace", Hogan says "extortion schemes have emerged backed
by the muscle of botnets, and hackers are also renting the use of armadas of
computers for illegal purposes through advertisements on the Web."
One well-known technique to combat botnets is a honeypot. Honeypots
help discover how attackers infiltrate systems. A Honeypot is essentially a set
of resources that one intends to be compromised in order to study how the
hackers break the system. Unpatched Windows 2000 or XP machines make great
honeypots given the ease with which one can take over such systems.
A great site to read up on this topic more is The Honeynet Project
(http://project.honeynet.org) which describes its own site's objective as
"To learn the tools, tactics and motives involved in computer and network
attacks, and share the lessons learned."
No comments:
Post a Comment