The botnet business

Cybercrime is big business, and anyone interested in making money illegally can run a botnet, no matter their skill level.

Page 2 of 2

Rob Jamison, Manager of Network Intelligence, BT Managed Security Solutions Group, added that "some of the larger botnets are de facto controlled by Eastern European crime syndicates, but many others have botmasters in North America, Brazil, and Europe. Chinese hackers also have been extremely effective in infiltrating organizations via spear-phishing attacks and use botnet technology in their attempt to exfiltrate information. While credit card theft is on the decline as it has become more difficult to profit from a stolen credit card number outside of the country of issue, selling stolen banking information to the highest bidder in the secondary market is still the leading business model. The stolen banking information is most often used with 'money mule' operations to steal money from victims' bank and credit card accounts. The botnet operators generally focus only on acquiring and selling the stolen information to separate criminal groups who operate the money mule scams."

Of course, as Watchinski explained, "It typically starts with an expert programmer who will put together an exploit kit. An exploit kit usually consists of two components: a command and control server and a bot client generator. Both can be sold for thousands of dollars to many script kiddies. At this point, the expert programmer is out of the picture because he's accomplished his goal of making a good return on his invested time."

"Next," continued Watchinski, "a script kiddie will set up a command and control server and will use the bot client generator to create malware that will talk back to the command and control server in order to get marching orders. The goal for people engaged in cybercrime is to get that big payout. For that, the script kiddie must get his bots onto consumers' machines and maintain presence. Infecting a machine will usually be done via social engineering (for example, the script kiddie will send out spam with an infected attachment that he'll try to get you to click on) or by exploiting vulnerabilities in order to run malicious code on victims' machines without their intervention."

Armstrong added that, "The botnets are [spread] by various methods and types of delivery such as social networks, email attachments, and drive-by downloads. They then offer the use of the botnet on forums as a service for things like Denial of Service attacks, sending of spam, as well as delivery of other malware for identity theft, among other things. It should be emphasized that this is organized crime. Malware authors and botnet owners must work together for success, along with many others. Multiple cottage industries have developed to fill these gaps, such as the use of money mules, packer authors (malware that is packed is much harder to detect), bulletproof hosting (website hosts who do not care what is posted on their servers), and money launderers. This is a constantly evolving market."

Besides being in a constant state of evolution, we're sorry to report, more and more Windows PCs are in botnets. How many are infected by botnet malware all together? No one knows exactly, but most authorities wouldn't quibble with saying that tens of millions of Windows PCs are infected, quite possibly including the one you're sitting at right now. While there have been scattered reports of botnets running on Linux and Mac OS X, botnets are really a Windows problem. If there are indeed any active Linux or Mac OS X botnets, they're outnumbered by tens of thousands to one.

As Scott Emo, head of endpoint solutions at Check Point, observed, "When it comes to Botnets, size does matter. The larger the Botnet network, the more 'robot soldiers' the Botnet operator has to do damage." However, there is such a thing as being too big, too obvious, for its own good.
Ben Greenbaum, senior research manager at Symantec Security Response, said, "The Conficker worm spread so fast and so widely, infecting millions of machines, that we think it simply garnered too much attention to be useful to the cybercriminals behind it. For this same reason, cybercriminals are steering away from amassing extremely large botnets to creating many smaller botnets; thereby helping to ensure that they don't attract too much attention. If you think about it, this strategy just makes better business sense. If you run one large botnet, and it gets shut down, you're out of business. However, if you run a handful of smaller botnets and one gets shut down, you might take a hit, but you're still around to wheel and deal another day."

So, there you have it. If you have a Windows PC, there are criminal organizations around the world that want to make your machine part of their enterprise. Oh, and by the way, perhaps they'll steal your credit card and bank account numbers while they're at it. Next up, we look at the top botnets and what you can do to prevent attacks from them.
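The one technical thread running through the quotes above is the check-in loop: a bot that has to "maintain presence" and "talk back to the command and control server in order to get marching orders" does so on a timer, and that regularity shows up in outbound logs even when the C2 hostname is unknown. The following is an added example, not code from the article or from any of the vendors quoted in it. It runs a simple beacon-detection heuristic over a handful of constructed proxy-log lines; the hostnames, addresses and paths are placeholders invented for the example, not real indicators of compromise, and the thresholds are assumptions a real deployment would tune.

```python
"""Beacon (C2 check-in) detection over constructed proxy log lines.

A bot polling its C2 server for orders produces requests at near-constant
intervals, while a human browsing the same workstation produces bursty,
irregular traffic. Grouping requests by (source, destination host) and
measuring how regular the inter-request gaps are separates the two.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log: timestamp, source IP, destination host, method, path.
# Every host and address here is a placeholder made up for this example.
SAMPLE_LOG = """\
2010-03-01T09:00:00 10.0.0.5 update.example-cdn.test GET /check
2010-03-01T09:00:04 10.0.0.5 www.example.test GET /index.html
2010-03-01T09:00:30 10.0.0.5 www.example.test GET /style.css
2010-03-01T09:01:00 10.0.0.5 update.example-cdn.test GET /check
2010-03-01T09:01:17 10.0.0.5 www.example.test GET /news
2010-03-01T09:02:01 10.0.0.5 update.example-cdn.test GET /check
2010-03-01T09:02:59 10.0.0.5 update.example-cdn.test GET /check
2010-03-01T09:03:22 10.0.0.5 www.example.test GET /about
2010-03-01T09:04:00 10.0.0.5 update.example-cdn.test GET /check
2010-03-01T09:05:00 10.0.0.5 update.example-cdn.test GET /check
2010-03-01T09:09:41 10.0.0.5 www.example.test GET /contact
"""


def parse_log(text):
    """Yield (timestamp, src, host) for each non-empty line of the log."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, host, _method, _path = line.split(maxsplit=4)
        yield datetime.fromisoformat(ts), src, host


def find_beacons(text, min_hits=5, max_cv=0.2):
    """Return {(src, host): (count, mean_gap_seconds, cv)} for every
    (source, host) pair whose request timing looks timer-driven.

    cv is the coefficient of variation (stdev / mean) of the gaps between
    consecutive requests. A beacon with a little jitter sits near 0; human
    browsing typically lands well above 1. min_hits and max_cv are assumed
    thresholds for this example and would be tuned against real traffic.
    """
    stamps_by_pair = defaultdict(list)
    for ts, src, host in parse_log(text):
        stamps_by_pair[(src, host)].append(ts)

    beacons = {}
    for pair, stamps in stamps_by_pair.items():
        if len(stamps) < min_hits:
            continue  # too few samples to judge regularity
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg == 0:
            continue  # all requests in the same second; not a polling pattern
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            beacons[pair] = (len(stamps), round(avg, 1), round(cv, 3))
    return beacons


if __name__ == "__main__":
    for (src, host), (count, avg, cv) in find_beacons(SAMPLE_LOG).items():
        print(f"{src} -> {host}: {count} requests, every ~{avg}s (cv={cv})")
```

On the sample above, the placeholder "update" host is flagged: six requests roughly sixty seconds apart with a cv of about 0.02, while the placeholder web site, despite five requests in the same window, has gaps ranging from 26 to 379 seconds and is ignored. Raising max_cv to 1.0 lets the browsing pattern through as well, which is the usual trade-off when tuning this kind of heuristic: low-and-slow beacons with deliberate random sleep are designed to push the cv up, so in practice this check is one signal among several rather than a verdict on its own.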
