You've heard about botnets and how they're much harder to stop than the typical worm or virus. Now there's new proof that they're advancing with alarming speed, building a network of more than a million zombie PCs that make cyberspace more dangerous by the day.
"If you thought 2004 was bad, wait until the end of 2005," said Ken Dunham, director of malicious code for Reston, Va.-based security firm iDefense. "It's getting worse out there; more code that's harder to detect and remove."
Add that to the new regulations and training issues enterprises are dealing with today, Dunham said, "and you have to conclude that it's a tough time to be an IT administrator. Their workload is bigger and the bad guys are taking advantage of that."
Exhibit A is a report from the Honeynet Project and Research Alliance. Using a honeynet, researchers said they were able to track more than 100 botnets in four months and that some of the larger zombie networks comprised up to 50,000 hijacked machines.
The conclusion: More
Exhibit B comes from iDefense. Of 27,260 attacks the firm monitored last year, more than 15,000 were designed to covertly steal information or take over computers for criminal purposes, including identity theft and fraud. Among its findings:
- Sophisticated malicious code like bots is the fastest growing type of Internet threat.
- Attackers are using multiple tools that include free chat rooms to gather, store and analyze data.
- Most antivirus and firewall programs simply can't keep up with an average of nearly 75 new threats a day.
While security experts have been ringing the bot alarm bell vigorously in recent months, those interviewed for previous bot stories have said the goal isn't to create a sense of panic. It's to help IT professionals understand the nature of a quickly growing threat so they can defend their networks accordingly.
Most experts have mentioned the need for an in-depth, layered defense, including antivirus, firewalls, intrusion detection and vigorous patching. They have also said that antivirus companies must update their products to meet the threat.
Finnish security firm F-Secure Corp. said it is working to do so with the first version of its BlackLight Rootkit Elimination tool. It's designed to track down rootkits used to create botnets and wipe them out. A free version can be downloaded from the company's Web site. Eventually, the tool will be worked into a wider security suite.