Networks of computers that are exploited by spammers and hackers to
forward junk e-mail and viruses without the knowledge of the PC
user, known as bot networks, are on the increase, according to
anti-virus firm Symantec.
Networks of computers that are exploited by spammers and hackers to
forward junk e-mail and viruses without the knowledge of the PC
user, known as bot networks, are on the increase, according to
anti-virus firm Symantec.
A bot (short for 'robot') is a program that is covertly
installed on a targeted system, allowing an unauthorised user to
remotely control the computer for a wide variety of purposes.
Co-ordinating a group of bot-controlled systems makes a bot
network, used to increase the speed and breadth of attacks.
In the last six months, Symantec's average daily number of
monitored bots has grown from under 2,000 to more than 30,000,
peaking at 75,000 in one day.
Symantec warns that bot networks create unique problems for
business, as they can be remotely upgraded with new exploits very
quickly, which could potentially allow attackers to outpace an
organisation's security efforts to patch vulnerable systems.
Patching is itself becoming more difficult, according to the
report, which found that the time between the announcement of a
vulnerability and the release of associated exploit code had
reduced to an average of just 5.8 days.
The number of vulnerabilities within systems had also increased,
with Symantec documenting more than 1,237 new vulnerabilities
between 1st January and 30th June, 2004, an average of 48 new
vulnerabilities per week.
The report found that internet attacks were greatest against
e-commerce, which suffered 16% of all attacks – a 400% increase on
the previous six months.
This rise, says Symantec, may indicate a shift from attacks
motivated by notoriety to attacks motivated by economic gain, a
possibility that is strengthened by an increase in phishing scams
and spyware, which are designed to steal confidential information
and pass it along to attackers.
Small businesses were the second highest target for hackers, but
internet attacks in general are decreasing, according to the
report.
"As this latest Internet Security Threat Report demonstrates,
exploits are being created more easily and faster than ever, while
attackers are launching more sophisticated attacks for financial
gain," said Arthur Wong, vice president, Symantec Security Response
and Managed Security Services.
"Software vulnerabilities and targeted attacks remain a primary
area of concern for organisations and individuals," he warned.
In the future, Symantec predicts that bot networks will employ
increasingly sophisticated methods of control and attack
synchronisation that are difficult to detect and locate. The firm
also expects to see instances of port knocking, a method attackers
may use to open closed ports on potential target systems.
The anti-virus firm expects that recent Linux and BSD
vulnerabilities will be used as exploit-based worms in the near
future and that there will be more attempts to exploit mobile
devices. (BSD originally stood for Berkeley Software Distribution
and refers to a version of the Unix operating system.)
