Windows Attacks Skyrocket, Bot Networks Breed Like Minks

In an associated trend, the bulk of those Windows-attacking worms and viruses came with a backdoor component. Such backdoors, like those deployed by worms as varied as MyDoom and Bagle, are becoming standard fare in malicious attacks. "The vast majority of these worms come with a backdoor to create a spam proxy or monitor transactional data or steal credit card data," said Huger.

In turn, the "popularity" of backdoors led to an upsurge in the number of bots and bot networks in the first half of 2004. According to Symantec, the number of monitored bots -- compromised computers that can be controlled by an attacker, then used for almost any task, including denial-of-service attacks or sending spam -- climbed from around 2,000 per day at the start of the year to more than 30,000 per day by its mid-point, with spikes as high as 75,000.

"The number of bots ties directly to the sheer number of worms and viruses," said Huger. "The two are married at the hip. More worms mean more bots, and the more successful bot owners are, the more worms they want to spread."

Not only are bots breeding like minks, but bot networks, the hacker-run collections of bots rented out to organized crime groups and spammers, are becoming more complex. Bot owners are turning to sophisticated enterprise-like techniques to manage their far-flung PC empires.

"Some of these bot networks are using load balancing to boost the productivity of each compromised system," said Huger, while others are putting into play techniques like rate limiting, which restricts the amount of bandwidth or disk space used by the bot.

Bot owners do that, said Huger, to fly under the radar. "They want to retain these computers because they see them as valuable assets," said Huger. By limiting the bandwidth a bot consumes or restricting the disk space it uses, they make it less likely that the PC's owner will notice that his or her machine has been hijacked.

Rival security firm McAfee also noted Monday that bots have become a major problem during 2004. More than half of the threats added to its database so far this year have been bots, said Vincent Gullotto, vice president of McAfee's virus research team.

"We're seeing 25 to 50 new bot threats every single day," said Gullotto.

Worm writers, too, are "more professional," said Symantec's Huger. "They're releasing multiple iterations in one day to fix bugs on the fly, just like commercial developers," he said. "They're not doing that just to kill time. They're doing that to improve the 'take-up,' the 'response rate' if you want, of the worm."

While bad news abounds, Huger was hopeful that the Windows XP Service Pack 2 (SP2) update released last month will help stop worm attacks and thus slow the growth of bot networks. "I think we'll see a positive impact, but in reality, time will quickly tell. We should have an idea if SP2's working by the end of the year."

This story courtesy of TechWeb.