BOTNET ATTACKS ARE BOOMING

By D.E.Levine

Botnets or networks of bots, software robots that run autonomously and automatically, frequently are malicious software.

Botnet attacks are thriving. Both U.S. and South Korean government Web sites were recently hit by distributed denial of service (DoS) attacks and North Korean is suspected. Although the attacks did no lasting harm, the FTC and the Department of Transportation both suffered outages. And the DoS attack is ongoing, with additional South Korean banks expected to be hit.

From 1,500 botnets identified 2 years ago, now there are 3,500 identified botnets today. They are usually specialized, designed for criminal tasks, and the most successful ones have survived for years operated by shadowy, untraceable groups.

Researchers frequently give botnets names but getting an actual count of how many compromised computers are under their control is tricky and inaccurate due to network technologies influences and constant change.

Conficker, a bot which has infected between 5 and 10 million Windows-based computers is still out there, but currently very quiet. When and where it will strike again, nobody knows, but it's certain to infect still more machines.

Spam botnets appear to be the easiest botnets to count. Cutwail, the top June botnet, generated more than 45% of all spam worldwide. According to Symantec MessageLabs division, the recent FTC shutdown of Pricewert, a web-hosting firm accused of illegal activities, seems to have disrupted the Cutwail botnet, which no longer ranks number 1.

Spam service buyers appear to be switching to Rustock, another botnet. Both Cutwail and Rustock have existed for several years and their master controllers are suspected of being in Ukraine or Russian speaking countries.

Prosecution of botnet illegal activities is extremely difficult due to activity across different countries with different legal systems.