No progress on botnets, US warns

The growing complexity and scale of the data storage task is making many firms turn to outsourcing. Helen Beckett assesses the risks and the benefits

A gathering of the top US brains in information security has suggested that though authorities are cracking down on phishing and botnets, the threats are no nearer being eradicated.

According to representatives from the US Department of Justice and the US Air Force Office of Special Investigations at the Computer Security Institute's NetSec event, 
cybercriminals are organising themselves better and moving onto more sophisticated tactics to get their hands on confidential data and turn users’ PCs into bots without their knowledge.

Although law enforcement has had some success in catching, prosecuting and convicting phishers and so-called ‘bot herders’ over the past couple of years, the task is getting more difficult, because the criminals are more professional.

Those caught range from teenagers to even retired people, said Jonathan Rusch, special counsel for fraud prevention at the Justice Department.
A particular concern is the increased use of malicious software, with ‘phishers’ using Trojan horses that hiding backdoors, screen grabbers or keystroke loggers to capture log-in names, passwords and other information. Such backdoor software gives attackers remote access to an infected PC, which could let them piggyback onto a user's Internet connection and conduct online transactions from the victim's PC while masquerading as the person.
According to Wendi Whitmore, from the US Air Force Office of Special Investigations, botnets are “one of the greatest facilitators of cybercrime these days. The cybercrime arena is wrapped around botnets”.

Recent analysis by Microsoft has also found that bots are the most common Windows threat, with more than 60% of compromised computers running bot code.

And if you’re reading this on a PC, chances are you’re one of them. Botnets are a big concern. And the fact that law enforcement is struggling to make progress against them is no help.

Read more on IT risk management