Saturday, March 14, 2009

BotNet video

Here’s an interesting video from the BBC Click program about BotNets. It shows how BotNets are used to send spam emails as well as Distributed Denial Of Server (DDOS) attacks.


Also on Click you’ll find “Cyber crime attack from the east” which gives you an idea of the business behind cyber crime.


It is interesting to consider that we are building our ‘new world order’ on technologies that were never designed with security in mind. Likewise, there are so many users out there who have no idea their machines are infected and being controlled by someone else. It is amazing to think that many vulnerabilities used by Botnets exploit bugs that have a patch or update available from the vendor. The problem is too many people are using computers connected to the Internet without understanding the basics. Given the world wide reach of the Internet this causes a huge problem when the power of these infected machines is harnessed into a BotNet.


Interestingly, the BBC seems to have gotten itself into some trouble about what actions it took while performing the demonstrations in its show as detailed in “BBC cyber crime probe backfires”. This relates to the fact that the BBC used user’s computers without their knowledge and also made modifications to their systems, even if it was to warn the use that their PC was infected. This again illustrates why cyber criminals are always going to win. When someone like the BBC does a expose on BotNets it runs the risk of running foul of authorities, yet users who haven’t maintained or secured their systems and connect them to the Internet face no ramifications! In many cases the only way that some people will know they are infected with a trojan acting as part of BotNet if is they are told. While we debate the ethics of alerting users, cyber criminals simply go about their business and infect more machines.


So, watch the video. Make sure you machine is patched and scanned for viruses and spyware. Then make sure you tell other people to do the same, because knowledge is really the only defence we have against BotNets.