
Botnets tighten grip on Asia

The ranks of zombie PCs are swelling as malicious networks prey on broadband opportunities

Networks of compromised personal computers, or 'botnets', are evolving into the internet's most lethal scourge as perpetrators ride a wave of global expansion in broadband infrastructure.

This trend was unveiled in two separate studies by computer security giant Symantec and the international non-profit Honeynet Project and Research Alliance.

Both studies described the potential for more PCs being turned into zombies and controlled by hackers or criminal organisations until the broadband growth rate slows.

The Honeynet Project report released last week has tracked more than a million PCs compromised and controlled by malicious attackers, but noted that this was a conservative estimate.

Machines with a broadband internet connection that is always on are prime targets for attackers. They use automated techniques to scan specific network ranges and find vulnerable systems, such as Windows-based PCs with no updated security patches or firewall protection.

Attackers then install so-called bot software that listens for and responds to commands, usually via an internet relay chat channel. The bot program used can be remotely upgraded to incorporate exploits that target new system weaknesses and add more botnets.

'We know about a home computer which got infected with 16 different bots, so it's hard to make an estimate about world bot population,' the Honeynet Project report said. 'As broadband connections increase, so does the number of potential victims of attacks.'

The latest edition of Symantec's Internet Security Threat Report, released today, found that Britain and the United States led the top 10 countries with the most bot-infected computers, each with 25 per cent of the total number of botnets that it tracked worldwide from July 1 to December 31 last year.

Mainland China, which is experiencing rapid growth in high-speed broadband connections, had an 8 per cent share, and was number three worldwide. Taiwan, South Korea and Japan each had a 3 per cent share, and ranked eighth, ninth and 10th.

Symantec also identified the top 10 bot-infected cities in Asia. According to rank, these included Beijing, Taipei, Seoul, Guangzhou, Hong Kong, Hangzhou, Ningbo, Singapore, Makati and Wuhan.

Beijing accounted for 21 per cent of the bot-infected computers in the region. Taipei recorded a 20 per cent share, while Hong Kong had 6 per cent.

The immense size of botnets - some hackers can string together tens of thousands of zombie machines for an attack - makes them serious threats. Botnets have been used for denial-of-service attacks, which block or slow the ability of a network service, such as e-mail, to function and serve its users. They can also take down almost any website or network instantly, and serve up other malicious programs, such as spyware.

Bots have helped hackers and criminal organisations send spam, spread mass-mailing worms, sniff data traffic to harvest sensitive information such as usernames and passwords, install keylogging software to steal encrypted data, abuse online advertising programs, manipulate online polls and games, and undertake phishing scams.

The Honeynet Project report said some botnets consisted of only a few hundred bot-infected machines, while others numbered in the tens of thousands. Combining 1,000 bot-controlled PCs, each with an average data upstream capacity of 125 kilobits per second, could offer bandwidth of more than 100 megabits per second.

'The big problem with this situation is that many PC owners are unaware that their machines are being controlled and used for illegal activities,' said Roy Ko Wai-tak, manager of the government-funded Hong Kong Computer Emergency Response Team Co-operation Centre.

Michael Gazeley, managing director at Hong Kong-based security appliance maker Network Box, said the level of bot infection may have had a direct impact on the spread of spyware. 'We tracked almost a third of all daily connections being made in Hong Kong to spyware sites,' he said.

Still, the Symantec report found some good news. It said the number of botnets monitored declined to below 5,000 a day at the end of the year. In the first six months of last year, botnets tracked by Symantec numbered on average more than 30,000 a day.

David Sykes, senior director for Asia-Pacific enterprise sales at Symantec, said the bulk of the decrease occurred in mid-August last year, with a significant drop on August 19.

The timing of the drop in botnets corresponded with the wide availability of Microsoft's Windows XP Service Pack 2, a software update designed for PC users to better defend their machines against viruses, spyware and other malicious programs.
