Botnet Recruitment Methods

19 February 2009

Botnets are continuing to increase in number, even after the takedown of McColo late last year.

Tom Olzak has an interesting article on ZDNet about how bot herders continue to recruit new additions to their botnets.

What I found interesting were the statistics that he quoted from an article by Richard Adhikari on Internet.com:

Spam and pharming for bots feed each other. Bots send spam and many spam messages help recruit. And spam is on the rise as a percentage of the global message total.
According to Adhikari’s article, the percentage of e-mail messages identified as spam has grown from 72 percent in the fourth quarter of 2008 to 85 percent in January (about 150 billion messages), with no signs of slowing.
So much of this spam is intended to increase the size of botnets, which increases the amount of spam, which increases the size of botnets, ad infinitum.

These numbers alone should be a wake-up call for organizations that refuse to implement even the most commonsense defensive measures, such as blocking spam, security awareness education, and egress filtering on the firewall. These measures should be implemented along with those mentioned in the article.

Preventive measures are well known but often not implemented, including:
* DO NOT allow users to log in as local administrators. At the very least, limit their system access when accessing the Internet. (See Use DropMyRights to protect systems from admin users.)
* Filter Web site access. If you don’t have the budget to pay for this, OpenDNS is a great way to provide this function.
* Ensure your DNS services are patched and security configured. If you don’t host your own service, check for vulnerabilities with free services like the DNS Nameserver Spoofability Test. If vulnerabilities exist, work with your vendor to fix them. If necessary, switch to a service more attentive to your network’s security.
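As an added illustration of the egress-filtering point above (this is not code from Olzak's article or from this post), the following Python sketch reviews firewall log lines for internal hosts that send SMTP straight to the Internet instead of through the approved mail relay, which is typical behaviour for a spam-sending bot. The log format, the internal network range, and the relay address are assumptions, and the log lines are constructed samples.

```python
import ipaddress

# Assumptions for this sketch (not from the article): the internal address
# space, the single approved mail relay, and a "src dst dport action" log format.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
APPROVED_RELAYS = {ipaddress.ip_address("10.0.0.25")}
SMTP_PORT = 25

# Constructed sample firewall log lines (external hosts use documentation ranges).
SAMPLE_LOG = """\
10.0.0.25 203.0.113.10 25 ALLOW
10.0.4.17 198.51.100.7 25 DENY
10.0.4.17 198.51.100.8 25 DENY
10.0.4.17 203.0.113.99 25 DENY
10.0.9.3 203.0.113.10 443 ALLOW
10.0.7.50 198.51.100.7 25 ALLOW
not a log line
10.0.4.17 10.0.0.25 25 ALLOW
"""

def direct_smtp_senders(log_text):
    """Map each internal non-relay host to its outbound SMTP attempts."""
    findings = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            src = ipaddress.ip_address(parts[0])
            dst = ipaddress.ip_address(parts[1])
            dport = int(parts[2])
        except ValueError:
            continue  # skip malformed lines
        # Only SMTP leaving the internal network is of interest here.
        if dport != SMTP_PORT or src not in INTERNAL_NET or dst in INTERNAL_NET:
            continue
        if src in APPROVED_RELAYS:
            continue  # the relay is expected to talk SMTP to the Internet
        rec = findings.setdefault(str(src), {"attempts": 0, "allowed": 0, "targets": set()})
        rec["attempts"] += 1
        rec["allowed"] += int(parts[3] == "ALLOW")
        rec["targets"].add(str(dst))
    return findings

def triage(findings):
    """Allowed traffic means a gap in the egress filter; denied traffic means
    the filter held but the host still needs to be checked for infection."""
    return {host: ("EGRESS GAP" if rec["allowed"] else "BLOCKED, INVESTIGATE HOST")
            for host, rec in findings.items()}

if __name__ == "__main__":
    for host, verdict in sorted(triage(direct_smtp_senders(SAMPLE_LOG)).items()):
        print(host, verdict)
```

A host that shows up with many distinct targets and only denied attempts is contained by the filter but is still worth investigating as a likely bot.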

I suggest everyone read the full article here.

