427 Botnet fm qxd

antivirus software to claim that a system is clean when it encounters and
cleans one component of a multicomponent bot. Because each component is
downloaded when it is needed after the initial infection, the potential for a
system to get a zero day exploit is higher. If you are in an enterprise setting,
you take the risk of putting a bot back into circulation if the effort to clean
the malicious code isn’t comprehensive. Rather than take that risk, many IT
departments opt to re-image the system from a known clean image.
Botnet attacks are targetable.That is, the hacker can target a company or a
market sector for these attacks. Although botnets can be random, they can also
be customized to a selected set of potential hosts.The botherder can con-
figure the bot clients to limit their scanning to hosts in a defined set of
Internet Protocol (IP) addresses. With this targeting capability comes the
capability to market customized attacks for sale.The targeting capability of
botnets is adaptive as well.The bot client can check the newly infected host
for applications that it knows how to exploit. When it determines that the
host owner is a customer of, for example, an e-gold account, the client can
download a component that piggybacks over the next connection to e-gold
the customer makes. While the host owner is connected to their e-gold
account, the exploit will siphon the funds from the account by submitting an
electronic funds transfer request.
How Big Is the Problem?
The latest Internet Threat report (Sept 2006) released by Symantec states that
during the six-month period from January to June 2006 Symantec observed
57,717 active bot network computers per day. Symantec also stated that it
observed more than 4.5 million distinct, active bot network computers. From
our experience in an academic environment, many bots we saw were not
usually detected until the botherder had abandoned the computer. As soon as
the bot client stopped running, the remnants were detected.This is to say, the
actual number is much larger than what Symantec can report. Recall that one
of the bot client modules is supposed to make the antivirus tool ineffective
and prevent the user from contacting the antivirus vendor’s Web site for
updates or removal tools.

Download 6,98 Mb.

Do'stlaringiz bilan baham: