June 01, 2010, 8:00 AM — Look around you. If you're in an office or coffee shop where people are using Windows, chances are someone's PC is now, or recently has been, part of a botnet.
How does it feel to be part of organized crime? What? You think organized crime is something that happens on the U.S./Mexican border or in television series like The Sopranos? Nonsense. It could be happening right now on your computer with a botnet and you might never be the wiser.
Think you've got good security? Well, maybe you do. But can you say the same for your colleagues and friends? Probably not. According to RSA, EMC's Security Division, even at Fortune 500 companies 88% of them had systems that had been accessed by infected machines and 60 percent of them had experienced stolen email account information.
And who runs those botnets, these collection of Windows PCs linked together for nefarious purposes? Some teen-aged geek with no social life and a high-speed Internet connection? That is such a 1990s view. No, today, as Matt Watchinski, the senior director of the Vulnerability Research Team for network security provider Sourcefire, said, "Cybercrime is a big business and anyone interested in making money illegally can run them, no matter what your skill level is."
"Cybercrime is a big business and anyone interested in making money illegally can run them, no matter what your skill level is."
Most of them though, said, Bradley Anstis, VP of Technology Strategy for M86 Security, are "run by professional crime organizations. They successfully monetize their work through a variety of methods -- affiliate programs being one of them. In the case of spam, a company called GlavMed operates the most prominent affiliate program, the 'Canadian Pharmacy' brand. We've also seen Koobface utilizing affiliate programs, particularly those involved in the distribution of Scareware installations. We see the impact ZeuS is having on small to medium businesses. Zeus, while distributed by botnets, does not monetize through selling products, it monetizes by stealing money from those it infects and it is apparent that this methodology nets cyber-criminals a pretty penny."
The botnet makers and distributors are, according to Timothy Armstrong, an anti-virus researcher at Kaspersky Lab "are just one part of the food chain. The botnet owners have crafted zombie networks of infected computers that can be remotely administered. However they often purchase the malware as opposed to writing it themselves.
It's not just crooks looking for quick cash though. Ken Pappas, CEO of True North Security, remarked, that "individuals, terrorists, radical groups, anyone or a group of people seeking to make a financial gain, espionage or other gains for themselves or their country" are using botnets.