Bot blitz means computer users must keep their guard up

PUBLISHED : Tuesday, 20 September, 2005, 12:00am
UPDATED : Tuesday, 20 September, 2005, 12:00am

On the internet, a botnet refers to a group of software robots - called 'bots' - covertly embedded on vulnerable personal computers by an attacker. Through these hidden bots, the attacker can remotely control these compromised machines, usually through internet relay chat - a form of instant communication online.

In most cases, bots are used to spread new bots, acting similarly to a mass-mailing worm. So the number of computers with high-speed online service in a region is a significant factor in determining the number of zombie computers involved in a botnet.

New broadband customers might not be aware of the additional security precautions needed when exposing a computer to a high-speed internet connection. Windows systems are the most commonly exploited.

Commands such as '.advscan lsass 150 5 0 -r -s' are some of the most frequently observed messages of bots searching for unsecured computers, according to researchers. A typical communication observed after a successful infection looks like this: '- :ircl.XXXXXX.XXX NOTICE AUTH :*** Looking up your hostname.'

Organisations should employ the defence-in-depth approach - overlapping and mutually supportive defence systems to guard against single-point failures in any specific protection methodology. This should include the deployment of anti-virus software, firewalls and intrusion-detection systems.

Network administrators should subscribe to a vulnerability alerting service and apply necessary software patches across the enterprise.

Individual broadband users should always deploy a firewall and internet security software that is regularly updated.