427 Botnet fm qxd

■
Spam in instant messaging (SPIM). An instant message is sent to you
by someone you know with a message like “You got to see this!” fol-
lowed by a link to a Web site that downloads and executes malicious
code on your computer.
Attacks against Unpatched Vulnerabilities
To support spreading via an attack against unpatched vulnerabilities, most
botnet clients include a scanning capability so that each client can expand the
botnet.These scanning tools first check for open ports.Then they take the list
of systems with open ports and use vulnerability-specific scanning tools to
scan those systems with open ports associated with known vulnerabilities.
Botnets scan for host systems that have one of a set of vulnerabilities that,
when compromised, permit remote control of the vulnerable host. A fairly
new development is the use of Google to search for vulnerable systems.
Every “Patch Tuesday” from Microsoft is followed by a flurry of reverse
engineering in the hacker community. Within a few days (3 for the last patch
Tuesday), someone will release an exploit against the problem that the most
recent patch fixed.The hacker community is counting on millions of users
that do not update their computers promptly. Modular botnets are able to
incorporate new exploits in their scanning tools almost overnight. Diligent
patching is the best prevention against this type of attack. If it involves a net-
work protocol that you don’t normally use, a host-based firewall can protect
you against this attack vector. However, if it is a protocol that you must keep
open you will need intrusion detection/protection capabilities. Unfortunately
there is usually a lag of some time from when the patch comes out until the
intrusion detection/protection updates are released.Your antivirus software
may be able to detect the exploit after it happens, if it detects the code before
the code hides from the A/V tool or worse, turns it off.
Vulnerabilities Commonly Exploited by Bots:
Agobot spreads via several methods including:
■
Remote Procedure Call (RPC) Distributed Component Object
Model (DCOM) (TCP ports 135, 139, 445, 593, and others) to XP
systems

Download 6,98 Mb.

Do'stlaringiz bilan baham: