Bots 'Dangerous' to Corporate Networks

Think your corporate network is safe from a bot attack? Think there's no way one of your users' machines is part of a botnet?

Think again.

Bot attacks are quickly becoming a critical security issue for IT and security administrators, according to industry watchers. And it's an issue that will need to garner more attention in coming months.

''This is extremely dangerous to corporate networks,'' says Carl Banzhof, CTO of Dallas-based Citadel Security Software. ''Corporate networks have large concentrations of systems that can be taken over relatively easily by these bots. A laptop that's infected will come in, or someone on a desktop will open an email or visit a site that they shouldn't, and then [the bot] is on the network. It will automatically start looking for other computers, and it has an arsenal of exploits in its pocket to attack unsuspecting machines.''

Once the bot has circulated to other machines on the corporate network, a remote hacker would have the ability to toy with the company -- changing information, stealing files, encrypting data or even shutting down the network.

''These things are more of a threat than IT managers generally suspect,'' adds Banzhof.

Bots got quite a bit of attention last week when Zotob led the charge against networks that hadn't yet updated a patch for a plug-and-play flaw in Microsoft Windows. But despite the momentary attention, information about bots often takes a far back seat to information coming out on worms, viruses and Trojan horses.

And there has been some confusion over the differences between bots, worms and Trojans.

A bot is not a virus or a Trojan. A bot often is the payload in a virus, explains David Perry, global director of education at TrendMicro Inc., an anti-virus company based in Tokyo.

The bot is a piece of code that takes control of the infected computer and reports back to a remote master control program run by the bot writer. Computers also can be infected by bots by visiting a malicious Website or chat room.

The hacker tries to cultivate as many infected machines as possible, building a virtual army of zombie machines -- also referred to as a botnet. Once this botnet is in place, the hacker can use it to send out spam or launch denial-of-service attacks.

Steve Sundermeier, a vice president at Central Command, an anti-virus and anti-spam company based in Medina, Ohio, says a large enough botnet could be used to interrupt the Internet.

''The more bots, the more infected machines with these bots, the greater control virus authors have,'' says Sundermeier. ''The greater the army, the greater the possibility of destruction. I think there's a lot of theories about this huge army of bots out there that have the opportunity to take down the Internet or raise other havoc. The possibility may exist. We just haven't seen it yet, thank goodness.''

But Sundermeier says what may be more troubling to IT and security administrators is the ability of bots to make their way into a corporate network and take control of it.

A Bot on Your Network?

''Probably tens of thousands of companies have computers that are part of a botnet,'' he adds. ''If you have a bot in your company, you could have information leaking out.''

Gregg Mastoras at Sophos, Inc., an anti-virus and anti-spam company with U.S. headquarters in Lynnfield, Mass., says most CIOs or administrators he talks to are quite sure they don't have any bots on their network. And then they're shocked when he finds them.

''The numbers speak for themselves,'' Mastoras says. ''Fifty percent of all spam now originates from botnets. That's up from 40 percent six months ago. And it's not just all from consumer machines. That's a misnomer. The reality is that very clearly many organizations are infected and don't even know about it.

''We track where spam is coming from and we communicate with the organization sending it, saying, 'Do you know you're sending out spam on Rolex watches?' We're talking about thousands of organizations in the U.S. alone that are affected by it.''

And Banzhof says we're very close to a time when someone could hire a hacker with a botnet to infiltrate a specific company and steal data.

''Actually, it might even exist today,'' says Banzhof. ''You hire a botnet to hit a company and seek out and return specific information for you. That could be facilitated every day in underground message boards. It's usually for scamming but it could be used for corporate espionage or cyber warfare even.''

Eric Yoshizuru, a product manager with Glendale, Calif.-based Panda Software, says stealing information could be just the beginning of a company's troubles.

''It could be very bad depending on what kind of information that user has access to. If they have access to a database with people's credit card information, then the whole company's reputation is at stake. If they take over enough computers in the network, they could actually shut it down... They could take critical files and encrypt them and then basically hold them hostage.''

Analysts say keeping a system updated with the latest patches and keeping anti-virus software updated should take care of bot attacks. And all of that would be taken care of in a perfect world. But in a world where IT workers are short-handed, budgets are tight and there literally are more patches than one IT shop can hope to handle, bots are becoming a real problem to deal with.