Monday, January 05, 2009

Botnets -- a dangerous threat

Botnet is short for "network of robots". In this context, a robot (or bot) is simply a computer program. A bot is not malicious by definition: bots are programs meant to perform an automated task without any need for user interaction. But they have become a real security threat these days. A maliciously coded bot spreads itself across as many machines as it can reach and then tries to do damage.

End-user computers are often highly vulnerable to viruses and malware because their users are unaware of the risks or too lazy to patch. Most servers, on the other hand, are well protected by qualified admins against such vulnerabilities. But any server is still vulnerable to Denial of Service (DoS) attacks, and Distributed DoS (DDoS) is almost impossible to solve, depending on how widely the attack is spread out: IP blacklisting is impractical when the requests come from thousands of different addresses, each sending only a little traffic. This is the weakness that botnets mostly exploit. They simply bombard the server with so many requests that it goes down, or becomes so slow that it is as good as dead.
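To see why per-IP blacklisting does so little against a distributed flood, here is an added example (not part of the original post) that runs a naive per-IP rate limiter and an aggregate request counter over a constructed access log. The addresses come from the documentation ranges (TEST-NET-2 and TEST-NET-3), the request rates are illustrative rather than measured, and the threshold of 5 requests per second is an assumption chosen so that a real browser fetching a page is not blocked:

```python
from collections import Counter, defaultdict

# Constructed sample log (not real traffic). Format: "<client_ip> <second> <path>".
# Second 0 holds normal traffic from one real client. Seconds 1-3 hold a
# constructed distributed flood: 40 sources, each sending only 2 requests/s.
NORMAL_CLIENT = "203.0.113.7"                              # TEST-NET-3 placeholder
BOT_SOURCES = [f"198.51.100.{i}" for i in range(1, 41)]    # TEST-NET-2 placeholders


def build_sample_log():
    """Return the constructed log lines: 3 normal requests, then 80 requests/s for 3 s."""
    lines = [f"{NORMAL_CLIENT} 0 /index.html",
             f"{NORMAL_CLIENT} 0 /style.css",
             f"{NORMAL_CLIENT} 0 /logo.png"]
    for second in (1, 2, 3):
        for ip in BOT_SOURCES:
            lines.append(f"{ip} {second} /search?q=random")
            lines.append(f"{ip} {second} /search?q=random")
    return lines


def parse_line(line):
    ip, second, path = line.split(" ", 2)
    return ip, int(second), path


def per_ip_peak_rate(lines):
    """Highest requests-per-second seen from each client IP."""
    counts = Counter((ip, sec) for ip, sec, _ in map(parse_line, lines))
    peak = defaultdict(int)
    for (ip, sec), n in counts.items():
        peak[ip] = max(peak[ip], n)
    return dict(peak)


def blacklist_candidates(lines, per_ip_threshold):
    """IPs a naive per-IP rate limiter would block: those exceeding the threshold in any second."""
    return {ip for ip, rate in per_ip_peak_rate(lines).items() if rate > per_ip_threshold}


def aggregate_rate(lines):
    """Total requests per second, regardless of source."""
    return Counter(sec for _, sec, _ in map(parse_line, lines))


if __name__ == "__main__":
    log = build_sample_log()
    threshold = 5   # assumption: a browser loading one page can burst to 3-5 req/s
    print("per-IP blacklist would block:", blacklist_candidates(log, threshold))
    print("requests per second:", dict(sorted(aggregate_rate(log).items())))
```

Every bot stays under the per-IP threshold (2 requests per second, less than the legitimate client's 3), so the blacklist ends up empty, while the server's total load jumps from 3 to 80 requests per second. The only signal a defender has is the aggregate, which is exactly the point at which you can no longer tell attacker from victim by address alone.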

The most worrisome part of botnets is that they are spread everywhere before they begin doing damage. Even your computer and mine might host one or more bots without our knowing it. Bots are difficult to identify because they mostly do not harm the infected computer; after all, that is not the intention. They use your computer as a shoulder to shoot from.

So how do they know when to attack, and whom? They use the concept of command and control (C&C). A controller issues commands to all the bots and assigns them their next job. No, it is not possible simply to blacklist the controller, because over time the attackers have matured and there is usually a swarm of controllers. The controllers themselves are usually distributed; there is typically a top-level controller leading the swarm, and they know how to elect a new superior if the existing one goes missing (probably taken down).
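Because a bot does nothing visible on the infected machine, one practical place to look for it is the one thing it must do: check in with its controller on a schedule. The following is an added example, not from the original post, that scans a constructed connection log for source/destination pairs whose inter-connection timing is suspiciously regular. The controller address 192.0.2.10 and the other addresses are documentation placeholders (TEST-NET-1 and TEST-NET-2), and the thresholds (at least five intervals, coefficient of variation at most 0.1) are assumptions for illustration:

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed connection log, not a real capture: (timestamp in seconds, source host, destination).
# 10.0.0.5 browses irregularly, and also checks in with a placeholder controller
# 192.0.2.10 (TEST-NET-1) roughly every 60 s with a few seconds of jitter.
SAMPLE_CONNECTIONS = [
    (0,   "10.0.0.5", "192.0.2.10"),
    (3,   "10.0.0.5", "198.51.100.20"),
    (4,   "10.0.0.5", "198.51.100.20"),
    (4,   "10.0.0.5", "198.51.100.20"),
    (10,  "10.0.0.5", "198.51.100.21"),
    (50,  "10.0.0.5", "198.51.100.20"),
    (52,  "10.0.0.5", "198.51.100.20"),
    (61,  "10.0.0.5", "192.0.2.10"),
    (100, "10.0.0.5", "198.51.100.22"),
    (119, "10.0.0.5", "192.0.2.10"),
    (160, "10.0.0.5", "198.51.100.22"),
    (181, "10.0.0.5", "192.0.2.10"),
    (240, "10.0.0.5", "192.0.2.10"),
    (299, "10.0.0.5", "192.0.2.10"),
    (300, "10.0.0.5", "198.51.100.20"),
    (361, "10.0.0.5", "192.0.2.10"),
]


def intervals_by_pair(records):
    """Gaps between successive connections for each (src, dst) pair."""
    times = defaultdict(list)
    for ts, src, dst in sorted(records):
        times[(src, dst)].append(ts)
    return {pair: [b - a for a, b in zip(ts, ts[1:])] for pair, ts in times.items()}


def coefficient_of_variation(values):
    """Spread relative to the mean; near 0 means the timing is almost perfectly regular."""
    avg = mean(values)
    return pstdev(values) / avg if avg else float("inf")


def find_beacons(records, min_intervals=5, max_cv=0.1):
    """Flag pairs whose inter-connection timing is regular enough to look like a scheduled check-in.

    min_intervals guards against flagging a destination seen only two or three times,
    whose timing may be regular merely by chance (198.51.100.22 below is such a case).
    """
    hits = {}
    for pair, gaps in intervals_by_pair(records).items():
        if len(gaps) < min_intervals:
            continue
        cv = coefficient_of_variation(gaps)
        if cv <= max_cv:
            hits[pair] = {"period": mean(gaps), "cv": cv, "samples": len(gaps)}
    return hits


if __name__ == "__main__":
    for pair, info in find_beacons(SAMPLE_CONNECTIONS).items():
        print(f"{pair[0]} -> {pair[1]}: every {info['period']:.1f}s (cv={info['cv']:.3f}, n={info['samples']})")
```

On this input only the pair with the placeholder controller is flagged, with a period of about 60 seconds; the ordinary browsing destination has gaps ranging from 0 to 248 seconds and is left alone. In practice the check-in interval is often jittered deliberately, so the tolerance on the coefficient of variation has to be tuned against normal traffic, and a bot that falls back to a second controller will show up as a new pair rather than a continuation of the old one.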

It is feared that there are thousands (or even more) of such botnets (not just bots, but whole networks) on the Internet, and the number is still growing at a fast pace. Botnets are very difficult to spot because they reside on end-user computers as innocent-looking, invisible applications. I read that some new versions of antivirus products detect the presence of bots on the end-user side, but I am not sure on what basis (maybe rootkits?) or how effective they are. So even though botnets certainly exist, the extent to which they have spread across the Internet remains a matter of dreadful speculation.

Now comes the scary part. It is feared that these botnets might form the future of cyber warfare. In years to come they might occupy billions of computers all over the world, and someone remote might have full control over all of them and do whatever they want. With the pace of development in technology and the growing reliance on the Internet for all sorts of services, in the future these botnets might not just cause financial, technological and political damage but may even cause human casualties. It is also feared that some techies are cultivating botnets all over the world and renting them out for attacks on specific targets for a price! This apparently is a business.

It is really worrying that a wonderful platform like the Internet is being misused even before its technologies have matured enough to benefit mankind; by then, the damage these culprits can cause could be grave. The problem is complicated because it requires protecting every end-user computer, and not everyone is aware of even the simplest attacks, let alone botnets. In my opinion, this problem has to be addressed from outside endpoint security to be really robust. It's high time that security experts think of some fool-proof mechanisms to protect against these propagations and attacks; I'm sure they know that even without me having to tell them! I'm scared!

