The most important security issue!
It is very important that business owners clearly understand this threat.
This issue is the key reason that identity and credit card theft is a multi-billion dollar industry, and the key reason that systems are becoming compromised.
Definition:
A Botnet is a collection of software robots, or bots, which run autonomously as a network, working together. The word is generally used to refer to a collection of compromised machines running programs (usually referred to as worms, Trojan horses, or backdoors) under a common command and control infrastructure.
Generally, the perpetrator of the botnet has compromised a series of systems
using various tools (exploits, buffer overflows, etc.). Newer bots can automatically
scan their environment and propagate themselves using vulnerabilities and
weak passwords. Generally, the more vulnerabilities a bot can scan and propagate
through, the more valuable it becomes to a botnet owner community.
BotNet Purposes:
Here is an example:
- You receive a phishing email, such as a link to view an evite card or a false alert from PayPal or a bank claiming that someone has compromised their system and that you need to change your credentials immediately.
- When you click on the link, you inadvertently download a bot or malicious software agent (e.g. spyware, a Trojan, a keylogger).
- Once it is installed, the intruder takes control of your system and can begin to collect your data and use the system to attack another system, thus creating a network of compromised systems working together automatically under a common control infrastructure (i.e. a botnet).
Googlebot is an example of how a botnet works. The Googlebot looks for newly launched websites so that these sites can be found when you use their search engine. It is the same technology. It is so simple for these intruders to compromise systems, and yet it is so difficult for businesses to promptly detect and respond to these malicious bots.