The most important security issue!
It is very important that business owners clearly understand this threat.
This issue is the key reason that identity and credit card theft is a multi-billion
dollar industry and is the main way in which systems are becoming compromised.
Definition:
A botnet is a collection of software robots, or bots,
which run autonomously as a network, working together. The word is generally
used to refer to a collection of compromised machines running programs (usually
called worms, Trojan horses or backdoors) under a common command and control
infrastructure.
Generally, the perpetrator of the botnet has compromised a series of systems
using various tools (such as exploits and buffer overflows). Newer bots
can automatically scan their environment and propagate themselves using
vulnerabilities and weak passwords. Generally, the more vulnerabilities
a bot can scan and propagate through, the more valuable it becomes to a
botnet owner community.
BotNet Purposes:
Here is an example:
- You receive a phishing email and click on the link to view an evite
card, or to respond to a false alert from PayPal or a bank claiming someone
has compromised their system and you need to change your credentials immediately.
- When you click on the link you inadvertently download a bot or malicious software agent (e.g. spyware, Trojan, keylogger, etc.).
- Once installed, the intruder takes control of your system and can begin
to collect your data and use this system to attack another system, thus
creating a network of compromised systems working together automatically
under a common control infrastructure (i.e. a botnet).
Googlebot is an example of how a botnet works. Googlebot looks for newly
launched websites so that these sites can be found when you use Google's
search engine. It is the same technology. It is so simple for these intruders
to compromise systems, and yet it is so very difficult for businesses to
promptly detect and respond to these malicious bots.