and how to avoid being turned into a cyber zombie
Botnets are getting some bad press because cyber-criminals are employing other people’s computers, without their knowledge or permission, to perform deeds of dubious legality. But the idea of joining desktop PCs to form a controlled network is not always bad. In 2002 the Search for ExtraTerrestrial Intelligence project invited people to contribute their spare computing capacity to analyse the data from space in a search for patterns indicative of intelligent life out there.
But when computers are networked without the consent of the owner, by people we don’t know, and are used for purposes that are, at the very least, antisocial, we should worry.
One of the most worrying is the Storm botnet. It was ‘assembled’ by the Storm worm (which infects computers using the Trojan Horse tactic). The system that might turn your computer into a ‘zombie’ operates in stages. The first infection is only a trapdoor. Often an SMTP relay is installed so that the machine can act as the source of emails. Next might follow some software to capture and contribute email addresses. Other components follow.
There is little point in listing the names of these infections as they are changed and many mimic or replace software that is required by your computer. Once fully infected, this zombie computer is known as a bot and performs automated tasks like gathering data, attacking a web site, or sending infected spam without its owner's knowledge.
Estimates for the botnet ‘recruited by’ Storm vary from one to fifty million ‘zombie’ computers (September 2007). Its formation began around January 2007 and by October there was evidence that parts of the botnet were being traded to other cyber-criminals.
Botnets such as Storm are in the spam business. So you know this is not some fiction. It is really happening. The danger it poses is real. We should worry that there is so much computer power in the hands of criminals.
The threat they pose is not just disrupting a bit of on-line shopping or postponing some gratification from an adult channel. The Internet is a serious tool used by hospitals, law enforcers, banking and countless information exchangers upon which the successful operation of society is coming to depend.
A botnet is powerful and its controllers are both clever and subtle. You might have spotted random pieces of text, or just a string of words, in the spam message with a link embedded. By changing the content for every message, the spam can slip through any filters that work by identifying a particular block of text. Earlier, the spammers sent their messages in the form of an image. Now they have found ways of adding them to MP3s.
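Why a filter keyed on a block of text misses these messages, and what a filter can key on instead, shown as an added example (not from the original article). The sample messages, addresses and function names are constructed for illustration.

```python
import hashlib
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed samples: two spam messages with the same embedded link but
# different random filler words, plus one ordinary message.
MESSAGES = [
    "harbour violet seldom kettle\nYour offer is waiting: http://203.0.113.7/offer\nmarble onion drift",
    "lantern copper quiet thimble\nYour offer is waiting: http://203.0.113.7/offer\nwillow anchor frost",
    "Minutes of Tuesday's meeting are at http://intranet.example/minutes.html",
]

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def text_signature(body):
    """What an exact-text filter keys on: a hash of the whole message body."""
    return hashlib.sha256(body.encode("utf-8")).hexdigest()


def link_signature(body):
    """Key on the embedded links instead: the set of (host, path) pairs."""
    links = set()
    for raw in URL_RE.findall(body):
        parts = urlsplit(raw.rstrip(".,;:)!?"))
        if parts.hostname:
            links.add((parts.hostname, parts.path or "/"))
    return frozenset(links)


def find_campaigns(messages, min_messages=2):
    """Return {link: count} for links carried by several messages whose text differs."""
    bodies_by_link = defaultdict(set)
    for body in messages:
        for link in link_signature(body):
            bodies_by_link[link].add(text_signature(body))
    return {link: len(sigs) for link, sigs in bodies_by_link.items()
            if len(sigs) >= min_messages}


if __name__ == "__main__":
    for link, count in find_campaigns(MESSAGES).items():
        print(f"{count} differently worded messages all point to {link[0]}{link[1]}")
```

A link shared by many differently worded messages is a reason to look closer, not proof of spam: a legitimate newsletter looks the same to this check.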
With so many machines in the botnet, one bot might send a small batch of spam and hand over to another by the time action is taken to block the first spam sender. To make matters worse, the botnet can even ‘attack’ sites such as Spamhaus that work tirelessly to help Internet Service Providers restrict the spread of spam. Some security vendors who attempted to investigate the Storm botnet are reporting attacks on their online operations.
This is a network that defends itself. So far, so good. The guiding principle seems to be strictly business rather than ‘world domination’. A good plot for some crime fiction perhaps.
If any national security authorities are responding, one must conclude that they are being ineffective. The botnets continue to grow in size and number. Until the digital arteries are blocked in some critical way, the authorities are unlikely to act and the criminal botnets probably want to avoid such a showdown. So the official response is likely to remain minimal and ineffective.
So I fear that anti-social botnets are here to stay.
What should you do?
It is difficult to avoid infection. Many of the emails are credible: the offers they make to entice you to run their software are attractive. Microsoft and Adobe have both allowed their files to become vectors for executable code that will infect computers (but they have woken up to the damage their negligence has caused). Make sure you update your various freeware programmes such as Firefox, Thunderbird, Explorer and Adobe Reader. Many of the recent updates look like bot-stoppers so keep updating!
We all need to get used to checking and dealing with the problem.
Spotting the signs:
The only system I employ is to monitor the lights that indicate if my link or hard disk is active. If it gets busy, I want to know why. So far, it has always been because my email is downloading an attachment or the FTP is doing a file transfer.
Sadly, the virus can now get behind the virus protection. The good guys will fight back but they are barely holding their own at the moment.
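A further sign follows from the SMTP relay stage described earlier: a desktop PC that listens on port 25, or opens port 25 connections to hosts other than its own mail provider. The check below is an added example, not part of the original article; it reads connection listings in the format printed by `netstat -ano` on Windows, and the sample listing and the "known mail server" address are constructed.

```python
SMTP_PORT = 25

# Constructed sample in the layout of Windows `netstat -ano` output.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING       1844
  TCP    192.168.1.20:1061      203.0.113.15:25        ESTABLISHED     1844
  TCP    192.168.1.20:1062      198.51.100.9:25        SYN_SENT        1844
  TCP    192.168.1.20:1070      192.0.2.10:25          ESTABLISHED     2210
  TCP    192.168.1.20:1075      192.0.2.80:80          ESTABLISHED     3012
  UDP    0.0.0.0:123            *:*                                    1012
"""


def parse_netstat(text):
    """Return one dict per TCP row; header and UDP rows are skipped."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP":
            continue
        local_host, _, local_port = fields[1].rpartition(":")
        remote_host, _, remote_port = fields[2].rpartition(":")
        rows.append({
            "local": (local_host, int(local_port)),
            "remote": (remote_host, int(remote_port)),
            "state": fields[3],
            "pid": int(fields[4]),
        })
    return rows


def smtp_findings(text, known_mail_servers):
    """Flag SMTP listeners and port-25 connections to hosts you do not recognise."""
    findings = []
    for row in parse_netstat(text):
        if row["state"] == "LISTENING":
            if row["local"][1] == SMTP_PORT:
                findings.append(("smtp-listener", row["pid"], row["local"][0]))
        elif row["remote"][1] == SMTP_PORT and row["remote"][0] not in known_mail_servers:
            findings.append(("smtp-to-unknown-host", row["pid"], row["remote"][0]))
    return findings


if __name__ == "__main__":
    # Assumption: 192.0.2.10 stands in for the mail server of your own provider.
    for finding in smtp_findings(SAMPLE_NETSTAT, {"192.0.2.10"}):
        print(finding)
```

The PID in each finding can be matched against the process list to see which program owns the connection.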
Finding and fixing:
If you use Windows XP, and this is the operating software that the botnet criminals target, you can read about it:
If you want to be a good cyber-citizen you might want to check that your machine is clean. Download a tool (and read some more about it):
Or use their online tool, listed on the page linked above, to check (but you have to trust MS not to take a good look at your system while they are doing it – they chose to disable most of my son’s student version of their Office software in the guise of ‘updating it’. Very naughty Microsoft!)
The message for users is:
2007 Chas Jones