Hi folks,
I was asked why consumers should care about botnets, and after a little bit of thought, I decided the best way to explain it was to bring a famous quote into the Internet age, so with deep and sincere apologies to Martin Niemöller, let’s begin…
First they came for the Twits, but I did not Tweet, so I did not speak out.
Then they came for the Ebayers, but I did not auction things online, so I did not speak out.
Then they came for the MySpacers, but I had no Space, so I did not speak out.
Then they came for the FaceBookers, but I only talked to _my_ friends on FaceBook, so I did not speak out.
Then they came for my credit card and my bank account, and they had sooooooo much dang background information on me, I couldn’t stop ‘em. Rats!
All kidding aside, this really is the nub of the matter. No one wants their machine to be a bot, but they don’t care if someone else’s is, and yet the Internet has made us all so interconnected that we are all uncomfortably, albeit unwittingly, close to hacked and botted machines. They don’t call it the Web for nothing.
Let me give you an example… a good friend of mine recently received a desperate email from a friend of his who was traveling overseas. The friend told him that he’d been robbed, and needed money urgently. My buddy is pretty savvy about computer security, and was immediately suspicious. He asked his friend all sorts of questions to establish his identity, and the friend answered everything perfectly. My buddy decided it was legitimate, and wired him $700. It turned out that his friend had had his FaceBook account phished, and the Bad Guys (we call them the Data Snatchers) were able to profile the victim and my buddy completely.
The whole point is that once the Data Snatchers have a bot on your machine, it is no longer your machine. It's theirs, and they can do what they want with it. Every botnet has a Command and Control (C&C) mechanism, and many come with a web control panel that looks something like this…
This is a page from an old version of the El Fiesta exploit pack. The stats show which countries have been infected, and which exploits have succeeded on which operating systems and which browsers.
Sometimes the C&C is a single server, but that's not very popular, because if that one server gets shut down, they lose their botnet. More often, they use a network of redundant servers that back each other up: if they lose one, another takes over.
On your PC, they will probably install a keylogger to steal all your user IDs and passwords, plus all of your contacts' email addresses, so that your contacts can be attacked from your machine next. They usually also install a rootkit that burrows into the operating system to resist detection and removal. A rootkit typically hooks the operating system routines that list running programs, files and the like, and filters its own entries out of the answer, so when an antivirus program asks the operating system what is running, the malcode the rootkit is protecting simply isn't on the list. Once they have hold of your machine, they don't want to let it go.
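As an added example (not code from the original post or from any product it mentions): the hiding trick described above works by doctoring the listing that the operating system hands out, but a hidden process still exists and still answers other questions. The classic countermeasure is a cross-view diff: enumerate processes two independent ways and flag whatever shows up in one view but not the other. The script below assumes a Linux host with /proc mounted; the "listed" view is a directory read of /proc, and the "probed" view is a brute-force kill(pid, 0) over every possible PID, which a filter on the directory listing cannot intercept. The PIDs in the demo at the bottom are constructed.

```python
"""Cross-view rootkit check for Linux (added example, assumes /proc is mounted).

View 1: the PIDs the OS *lists* (readdir on /proc), which a rootkit doctors.
View 2: the PIDs that *exist*, found by probing every number with kill(pid, 0).
Anything in view 2 but not in view 1 is a process someone is hiding.
"""
import os


def listed_pids(proc_root="/proc"):
    """PIDs as the OS enumerates them: numeric directory names under /proc."""
    return {int(name) for name in os.listdir(proc_root) if name.isdigit()}


def _tgid(pid, proc_root="/proc"):
    """Map an ID to its thread-group (process) ID via /proc/<id>/status.

    Non-leader threads also answer kill(tid, 0) but never appear as /proc
    entries, so without this step every multithreaded process would look
    'hidden'. /proc/<id>/status is still openable even when the directory
    listing omits it. If it cannot be read, assume the ID is a process."""
    try:
        with open(f"{proc_root}/{pid}/status") as f:
            for line in f:
                if line.startswith("Tgid:"):
                    return int(line.split()[1])
    except (OSError, ValueError):
        pass
    return pid


def probed_pids(max_pid=None, proc_root="/proc"):
    """Process IDs found by brute force, independent of any listing.

    kill(pid, 0) delivers no signal; it only reports whether the PID exists.
    ESRCH (ProcessLookupError) means nothing there, EPERM (PermissionError)
    means it exists but belongs to someone else, so both paths are correct
    without root."""
    if max_pid is None:
        try:
            with open(f"{proc_root}/sys/kernel/pid_max") as f:
                max_pid = int(f.read().strip())
        except (OSError, ValueError):
            max_pid = 32768  # assumption: classic default if pid_max is unreadable
    alive = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue
        except PermissionError:
            pass
        alive.add(_tgid(pid, proc_root))
    return alive


def hidden_pids(listed, probed):
    """Processes that exist but are missing from the listing, sorted.

    The opposite difference (listed but not probed) is normal: that is a
    process that exited between the two scans, not a hidden one."""
    return sorted(set(probed) - set(listed))


def cross_view_check(rounds=2, **probe_kwargs):
    """Run the comparison several times and keep only PIDs hidden every time.

    A process that started between the listing and the probe shows up once as
    a false positive; a rootkit-hidden one shows up in every round."""
    suspects = None
    for _ in range(rounds):
        found = set(hidden_pids(listed_pids(), probed_pids(**probe_kwargs)))
        suspects = found if suspects is None else suspects & found
    return sorted(suspects)


if __name__ == "__main__":
    # Constructed demo of the logic, no real rootkit needed: pretend the
    # listing API dropped PID 4242 while the probe still found it.
    doctored_listing = {1, 2, 300, 301}
    real_processes = {1, 2, 300, 301, 4242}
    print("hidden in demo:", hidden_pids(doctored_listing, real_processes))
    # Live check on this host; takes a few seconds when pid_max is large.
    print("live suspects:", cross_view_check())
```

The check runs unprivileged, because a permission error from kill() reveals the process just as well as success does. Its limit is the one every cross-view technique has: a kernel rootkit that also hooks the kill syscall, or the read of /proc/<pid>/status, defeats this particular pair of views, so production tools compare several views (scheduler structures, socket tables, handle tables) and pick ones the malware hasn't thought to patch.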
Next they'll likely use your machine to send spam to random email addresses, advertising $15 Rolexes and Viagra that may or may not be real. Here's a picture of a botnet command and control machine directing its bots to send spam. Every few seconds the page refreshes with a different list of email addresses to spam, and possibly a different image to send out.
Your machine might also be used to store pornography, which is likely to get you into trouble if you ever take the machine to a shop to be serviced.
If you're like me, and that doesn't sound appealing, the best idea is to make sure your machine doesn't get botted in the first place: keep it patched, and install a quality antivirus program. These days a "quality" antivirus means one that includes a dedicated web scanner, because the attacks that install bots arrive by way of the Web, and a good behavior monitor. The Bad Guys now produce 20,000 to 30,000 new bits of malcode each day, so any product that relies on signatures alone simply can't keep up.
The next step after that is to develop a healthy dose of skepticism. No one wants to send you $6,000,000. You are not a winner. You are not the millionth visitor to that website. You don't have a secret admirer, and the "pretty Russian girl" who wants to be your friend is probably not Russian, not pretty, and probably not even a girl. They just want your PC.
Then what you have to do is to speak up for the Twits and Ebayers and MySpacers and FaceBookers, before they come for you. Encourage all your friends, family, neighbors and workmates to be responsible. Everyone needs to take a stand against botnets now.
Let's be clear. At some point your PC will be attacked, and it will be from the Web. Not just your PC, but your family's, your friends', your neighbors' and your workmates'. If you or they are not protected, you or they are a potential victim.
Keep safe,
Roger