The Internet is in trouble
Many problems threaten the smooth “operation” of the Internet, and some, like the loss of “network neutrality” and government censorship, threaten its very existence. Of all the threats, however, possibly the most serious today and into the future is the ever-increasing proliferation of botnets run by criminal elements or foreign governments.
McAfee has recently released a study (.pdf) that, even given security vendors’ proclivity for exaggerating the threat, should send chills down your spine. Further, Microsoft has also released a report (.pdf) that backs up what McAfee says.
Using data that came from customer use of the Windows Malicious Software Removal Tool (MSRT), Microsoft found that:
- Backdoor Trojans and bots continue to comprise a significant percentage of the malicious software detected by Microsoft antimalware offerings and therefore serve as a top threat to consumers and businesses alike.
- Attackers, with financial gain in mind, are clearly concentrating a significant amount of development focus on this category of malware. With more than 43,000 new variants found in the first half of 2006, backdoor Trojans and bots are the most active category of malware.
- Of the 4 million computers cleaned by the MSRT, approximately 2 million of the computers (or about 50 percent of those with malware present) contained at least one backdoor Trojan. While this is a high percentage, it is a decrease from the second half of 2005. During that period, the MSRT data showed that, of the computers with malware present, 68 percent contained a backdoor Trojan.
The MS document continues with these stats:
Social engineering-based malicious software attacks continue to be active, especially those that spread through e-mail and P2P networks. Note the following:
- The percentages of machines infected with e-mail worms increased slightly, from 18 percent in H205 to 23 percent in H106. This increase can mainly be linked to the appearance of the Win32/Mywife.E worm (also referred to by CME-24 or as the Kama Sutra worm) in H106.
- P2P networks continue to be a common method of spreading malicious software; 17 percent of machines cleaned in H106 contained at least one P2P worm. The increase from H205 is mainly due to the addition of the Win32/Alcan worm detection to the MSRT. This worm was discovered in April 2005.
- Even though the tool detects some of the most infamous instant messaging worms, including Win32/Kelvir, Win32/Bropia, and Win32/Mytob, data from the MSRT continues to show that instant messaging is a much less common vector for distributing social engineering-based attacks when compared to e-mail and P2P networks. Note that some malicious software uses live chat applications (especially IRC) as a mechanism to communicate between a server and a set of infected clients or zombies. While some vendors classify these threats as instant messaging worms, this report restricts the definition of instant messaging worms to only those that use the instant messaging mechanism to replicate.
If ever a business needed a reason to block P2P applications from its network, there’s one right there.
The really frightening thing, though, comes in the McAfee report.
The electronic infrastructure of a Central American country sustained ongoing damage due to botnet activity in early 2006.
Imagine that: taking down a whole country’s Internet capabilities for up to 6 hours at a time. Can you conceive of how much data and how many bots were required to do that? Denial of Service (DoS) attacks have come a long way from the days of IRC script kiddies knocking users offline with ping floods. Today’s attacks are Distributed Denial of Service (DDoS) attacks that use tens of thousands of computers to launch the attack.
There is no hint yet of an end to the growth of these networks, and yes, it is primarily Microsoft’s fault, due to the insecurity of their older OS versions (it looks like Vista will be a significant improvement). However, it is not just MS’ fault. Users need to take responsibility for their actions and, more importantly, their inactions. It’s too late to require a license to operate a computer, and that is unfortunate. Most people should not be allowed near one.
Imagine what will happen if a hundred-thousand-plus botnet is turned loose on critical areas of the US information infrastructure. Imagine the government’s reaction afterwards. There is no bigger threat to the continuation of the Internet as we know it than the existence of these botnets.
Comments
Comment from Shripad
Time: 10/28/2006, 1:26 am
Writing from India, I would say that what compounds the problem of old OS is that the majority of Win98 users today are either home desktop users who will not spend on a new OS version, or small businesses who got their Win98 cheap because it was pirated and are finding it more difficult to upgrade their OS with a pirated copy with today’s tighter controls!
Comment from Doug Alder
Time: 10/28/2006, 12:13 pm
Shripad - that’s a good point and it’s going to get even worse now that MS no longer supports Win98. All those home users etc will not be able to do any security updates even if they were so inclined.
Comment from M. Douglas Wray
Time: 10/26/2006, 7:46 pm
“…yes it is primarily Microsoft’s fault, due to the insecurity of their older OS versions…”
What kills me is, I know people to this DAY still running Win98 as their primary OS!!!!!!!
AAAAAIIIIGGGGHHHHHHH