Bot blitz means computer users must keep their guard up

PUBLISHED : Tuesday, 20 September, 2005, 12:00am
UPDATED : Tuesday, 20 September, 2005, 12:00am
 

On the internet, a botnet refers to a group of software robots - called 'bots' - covertly embedded on vulnerable personal computers by an attacker. Through these hidden bots, the attacker can remotely control these compromised machines, usually through internet relay chat - a form of instant communication online.


In most cases, bots are used to spread new bots, acting similarly to a mass-mailing worm. So the number of computers with high-speed online service in a region is a significant factor to determine the number of zombie computers involved in a botnet.


New broadband customers might not be aware of the additional security precautions needed when exposing a computer to high-speed internet connection. Windows systems are the most commonly exploited.


Commands such as '.advscan 1sass 150 5 0 -r -s' are some of the most frequently observed messages of bots searching for unsecured computers, according to researchers. A typical communication observed after a successful infection looks like this: '- :ircl.XXXXXX.XXX NOTICE AUTH :*** Looking up your hostname.'


Organisations should employ the defence in-depth approach - overlapping and mutually supportive defence systems to guard against single-point failures in any specific protection methodology. This should include the deployment of anti-virus, firewalls and intrusion-detection systems.


Network administrators should subscribe to a vulnerability alerting service and apply necessary software patches across the enterprise.


Individual broadband users should always deploy a firewall and internet security software that is regularly updated.


Share

 

Send to a friend

To forward this article using your default email client (e.g. Outlook), click here.

Enter multiple addresses separated by commas(,)

For unlimited access to:

SCMP.com SCMP Tablet Edition SCMP Mobile Edition 10-year news archive