October 27th, 2006 [by Doug Alder]
There are many problems that face the smooth operation of the Internet, and some, like the loss of network neutrality and government censorship, threaten its very existence. Of all the threats, however, possibly the most serious today and into the future is the ever-increasing proliferation of botnets run by criminal elements and foreign governments. McAfee has recently released a study (.pdf) that, even allowing for security vendors’ proclivity for exaggerating the threat, should send chills down your spine. Further, Microsoft has also released a report (.pdf) that supports what McAfee says.
Using data that came from customer use of the Windows Malicious Software Removal Tool (MSRT), Microsoft found that:
- Backdoor Trojans and bots continue to comprise a significant percentage of the malicious software detected by Microsoft antimalware offerings and therefore serve as a top threat to consumers and businesses alike.
- Attackers, with financial gain in mind, are clearly concentrating a significant amount of development focus on this category of malware. With more than 43,000 new variants found in the first half of 2006, backdoor Trojans and bots are the most active category of malware.
- Of the 4 million computers cleaned by the MSRT, approximately 2 million of the computers (or about 50 percent of those with malware present) contained at least one backdoor Trojan. While this is a high percentage, it is a decrease from the second half of 2005. During that period, the MSRT data showed that, of the computers with malware present, 68 percent contained a backdoor Trojan.
The Microsoft document continues with these statistics:
Social engineering-based malicious software attacks continue to be active, especially those that spread through e-mail and P2P networks. Note the following:
- The percentages of machines infected with e-mail worms increased slightly, from 18 percent in H205 to 23 percent in H106. This increase can mainly be linked to the appearance of the Win32/Mywife.E worm (also referred to by CME-24 or as the Kama Sutra worm) in H106.
- P2P networks continue to be a common method of spreading malicious software; 17 percent of machines cleaned in H106 contained at least one P2P worm. The increase from H205 is mainly due to the addition of the Win32/Alcan worm detection to the MSRT. This worm was discovered in April 2005.
- Even though the tool detects some of the most infamous instant messaging worms, including Win32/Kelvir, Win32/Bropia, and Win32/Mytob, data from the MSRT continues to show that instant messaging is a much less common vector for distributing social engineering-based attacks when compared to e-mail and P2P networks. Note that some malicious software uses live chat applications (especially IRC) as a mechanism to communicate between a server and a set of infected clients or zombies. While some vendors classify these threats as instant messaging worms, this report restricts the definition of instant messaging worms to only those that use the instant messaging mechanism to replicate.
If ever a business needed a reason to block P2P applications from its network, this is it. The really frightening thing, though, comes in the McAfee report:
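The two network behaviours the Microsoft report singles out, bots reporting to an IRC server and P2P worms fanning out to many peers, both leave a footprint in flow logs. The following is an added example, not code from the original post or from either vendor report: it runs two simple heuristics over a handful of constructed flow records. The IRC port list, the peer-count threshold, the internal address prefix and the sample flows are all assumptions chosen for illustration.

```python
"""
Added example (not from the original post or the Microsoft/McAfee reports):
flag internal hosts that look like IRC-controlled bots or P2P participants
in constructed flow records. Ports, thresholds and the sample log are
assumptions made for this illustration.
"""
from collections import defaultdict

# Assumed: IRC ports commonly used by bot controllers of that era.
IRC_PORTS = {6660, 6661, 6662, 6663, 6664, 6665, 6666, 6667, 6668, 6669, 7000}
# Assumed: a host talking to this many distinct external peers on
# unprivileged ports within the log window is treated as P2P-like fan-out.
P2P_PEER_THRESHOLD = 5
# Assumed: address prefix of the internal network being monitored.
INTERNAL_PREFIX = "10."

# Constructed flow records: "src_ip src_port dst_ip dst_port proto bytes"
SAMPLE_FLOWS = """\
10.0.0.5 51234 203.0.113.10 6667 tcp 842
10.0.0.5 51235 203.0.113.10 6667 tcp 120
10.0.0.7 44100 198.51.100.20 443 tcp 9000
10.0.0.9 60001 192.0.2.11 41000 tcp 300
10.0.0.9 60002 192.0.2.12 41001 tcp 300
10.0.0.9 60003 192.0.2.13 41002 tcp 300
10.0.0.9 60004 192.0.2.14 41003 tcp 300
10.0.0.9 60005 192.0.2.15 41004 tcp 300
10.0.0.9 60006 192.0.2.16 41005 tcp 300
10.0.0.7 44101 198.51.100.20 80 tcp 1500
"""


def parse_flows(text):
    """Parse the whitespace-separated flow format above into dicts."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src, sport, dst, dport, proto, nbytes = line.split()
        flows.append({
            "src": src, "sport": int(sport), "dst": dst,
            "dport": int(dport), "proto": proto, "bytes": int(nbytes),
        })
    return flows


def find_irc_talkers(flows):
    """Internal hosts with outbound connections to IRC ports.

    Returns {internal_ip: sorted list of (server_ip, port)}; repeated
    connections to the same server collapse to one entry.
    """
    hits = defaultdict(set)
    for f in flows:
        if f["src"].startswith(INTERNAL_PREFIX) and f["dport"] in IRC_PORTS:
            hits[f["src"]].add((f["dst"], f["dport"]))
    return {src: sorted(servers) for src, servers in hits.items()}


def find_p2p_fanout(flows, threshold=P2P_PEER_THRESHOLD):
    """Internal hosts contacting many distinct external peers on high ports.

    Returns {internal_ip: distinct peer count} for hosts at or above the
    threshold. IRC ports are excluded so a bot is not double-counted here.
    """
    peers = defaultdict(set)
    for f in flows:
        if (f["src"].startswith(INTERNAL_PREFIX)
                and f["dport"] >= 1024
                and f["dport"] not in IRC_PORTS):
            peers[f["src"]].add(f["dst"])
    return {src: len(p) for src, p in peers.items() if len(p) >= threshold}


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    print("IRC talkers:", find_irc_talkers(flows))
    print("P2P-like fan-out:", find_p2p_fanout(flows))
```

Against the constructed log, 10.0.0.5 is reported for its IRC sessions and 10.0.0.9 for six distinct high-port peers, while 10.0.0.7 (ordinary web traffic) is not flagged. Both checks are port heuristics only: a controller listening on a non-standard port, or a P2P client running over 80 or 443, slips past them, and a legitimate IRC user trips the first one, so treat the output as a list of hosts to look at rather than a verdict.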
The electronic infrastructure of a Central American country sustained ongoing damage due to botnet activity in early 2006.
Imagine that. Taking down a whole country’s Internet capability for up to six hours at a time. Can you conceive of how much traffic and how many bots were required to do that? Denial of Service (DoS) attacks have come a long way from the days of IRC script kiddies knocking users offline with ping floods. Today’s attacks are Distributed Denial of Service (DDoS) attacks, launched from tens of thousands of computers at once. There is no hint yet of an end to the growth of these networks.

To help combat this menace, Microsoft has stepped up to the plate with its Malicious Software Removal Tool (MSRT), the security enhancements in IE 6 and 7, and the security upgrades in its upcoming Vista OS, while other companies have produced scanners of one type or another. Software producers, however, can only do so much; users need to take responsibility for their actions and, more importantly, their inactions.

Imagine what will happen if a botnet of a hundred thousand or more machines is turned loose on critical areas of the US information infrastructure. Imagine the government’s reaction afterwards. There is no bigger threat to the continuation of the Internet as we know it than the existence of these botnets.

If you are operating your own server, or contemplating doing so, it is critical to your endeavor’s success that you not only keep the server patched and up to date, but also ensure that the data center hosting it has state-of-the-art DDoS protection. RackForce has worked with its backbone providers to institute one of the most advanced DDoS monitoring and defense systems available.