Posted on 09/20/2004 5:30:58 AM PDT by Bloody Sam Roberts
More than 30,000 PCs per day are being recruited into secret networks that spread spam and viruses, a study shows.
Six months ago only 2,000 Windows machines per day were being recruited into these so-called bot nets.
Experts say the numbers are growing quickly because the remotely controlled networks are so useful to people who profit from hacking and virus writing.
The figures came to light in Symantec's biannual Internet Threat Report which traces trends in net security.
Hidden harm
Nigel Beighton, a member of Symantec's Threat Team, said the number of PCs being enrolled in these networks was the standout statistic for the latest report, which covers the first six months of 2004.
The peak of new recruits was 75,000 in one day.
This high watermark was hit when the creators of the MyDoom and Bagle viruses were conducting an online war that resulted in many different versions of their malicious programs being released.
Once created, the networks of zombie PCs are used as anonymous relays for spam, to launch denial of service attacks on websites or simply to steal confidential information about a PC's owner.
Mr Beighton said the methods used to recruit PCs marked a significant change in the activity of virus writers and malicious hackers.
In the past many people wrote viruses to gain notoriety or "bragging rights" among their peers. Status in such groups revolved around the number of machines infected and how fast a virus spread.
However, said Mr Beighton, because the bot nets are being put to many outright criminal uses, the writers of the programs that create the networks are happy for their creations to stay out of the limelight.
"When you look at the statistics you see that the level of attacks continues about the same level," he said, "what has changed is how they are operating."
"We're seeing increased use of backdoors and worms written in technically accomplished ways so they do not give themselves away," he said.
Sneaky worm
The Sasser worm was a good example of this new trend, said Mr Beighton.
That virus did not spread particularly quickly, yet managed to find and recruit many thousands of machines.
What has also fuelled the rise of the bot nets is the willingness of virus writers to share their malicious code so it can be altered and re-used by others.
As a result there are now some viruses that are appearing in a bewildering number of guises. For instance there are now more than 200 varieties of the Gaobot worm.
Mr Beighton said that although many net service firms were working hard to find and clean up compromised machines, many thousands were still in place because they are not yet active or only activate infrequently.
It was too early to say whether Microsoft's SP2 update for Windows XP was going to make a difference to the numbers of PCs being recruited into bot nets.
"The key challenge for Microsoft is not XP users," said Mr Beighton, "it's the Windows 98 and 95 machines."
"Getting those people to upgrade and improve their security is going to make the difference," he said.
"Why is that Bloody Sam?" you may be asking yourself.
I use and recommend that everyone use Mailwasher.
It allows you to access and view your email while it is still on your ISP's server before you download it to your PC. It is invaluable and a great piece of software that has saved my bacon many a time.
Ah, the smug feeling of satisfaction you get from running Linux....
Bookmarking - need to send this to a friend
Bump
I don't use file and printer sharing or the Windows ICS on my wireless network, and both my DSL and wireless routers have firewalls, in addition to a non-Windows software firewall on each machine, and MAC filtering and WPA security enabled.
I'm no expert, but this article appears to be referring to Windows' default network configuration, with only the built-in Windows firewall installed. Anyone who goes with a default Windows network config is asking for trouble -- a fact that's been known for years.
I don't think anyone really expected that would change with SP2, and to rely solely on a software firewall created by Microsoft is also asking for trouble.
I would bet the biggest uptick in compromised home computers will be due to wireless networks, a hot item for the back-to-school crowd this year. Most of these are sold without security features turned on, and the average user doesn't have a clue that they're broadcasting personal info to the world. I have a neighbor that uses his name as the broadcast ID, for instance -- it doesn't get much dumber than that.
Spyware Stormer will get it all on each scan. $29.95 one-time charge.
As for spyware, I use SpywareZapper (costs a one-time fee) and it finds and removes stuff that Spybot and AdAware miss. It even removed a real annoying program called Purity Scan off of my dad's computer when nothing else would do it. Also, it got rid of another tough piece of spyware called Wild Tangent off of my computer which showed up thanks to the newest version of AOL Instant Messenger.
Known by most geeks, few others. The masses will hear "firewall" and if they recognise the word at all will think it makes them safe. This is a real configuration problem. Personally, I'd know never to accept a default Microsoft configuration if I had any Windows computers to protect, as Microsoft knows jack about security, but many people continue to trust them for reasons I don't fully understand.
You're quite right about the security issues with wireless networks. They are going to continue to be security nightmares. People think computers are like toasters, when they actually require more care and feeding than the average automobile. I wouldn't really care about it so much, and just be content using a computer that just works without hassles, but I'm definitely affected by the spam and raw network consumption from those who do not.
My wireless network uses full crypto, does not broadcast, and is tied to the MAC addresses of my wireless NICs. Unfortunately, this is not the configuration out of the box.
I do the same. Unfortunately, that's not quite enough.
I left a laptop running kismet on the couch for three months to see what it would dig up. My wireless network is fairly busy, and in all of that time the laptop only came up with ONE "interesting" packet. That's not nearly enough to crack a key, but I'm still using 40-bit cards because they're (a) cheap and (b) supported.
So I change my keys every two months, just to be sure. Use hexadecimal keys only, no names or words that can be looked up in a dictionary.