Attack of the killer bots

If malware were insects, botnets would be termites

Battle of the botnets

Because bot herders obviously spend resources managing and running their botnets, they have become less interested in increasing the number of networks they manage. Symantec reports that the number of command-and-control servers diminished by 25 percent in the second half of 2006, which indicates that bot herders are consolidating and making each network larger, the company says.

Strange new attacks have caused security researchers to speculate that bot herders are engaged in turf wars and attacking each other. The goal of some malware may be to disable rivals' drones; in the process, that causes havoc with networks. For instance, one recent worm was directed at machines that had visited a malicious pump-and-dump Web site. It infected the machines with a virus that caused them to reboot continuously, rendering them useless for legitimate work (and illegitimate uses), Web-monitoring firm Websense reports.

Because bot herders are more interested in keeping their millions of infected machines secret, they will activate a machine, blast the spam or run the click-fraud game and quickly shut the connection down. Rootkit infections operate invisibly to the operating system. And bot herders control their machines via HTTP (not necessarily relying on Internet Relay Chat); that means detecting bots on your network is hard to do.

Social-networking diseases

More worrisome still is that today's bot herders use such techniques as toxic blogs, cross-site scripting and iFrames, which do not require a user to take any action, such as clicking on an e-mail attachment, to become infected. If a PC with a vulnerable operating system or browser visits a Web site or blog that contains malicious code, it is secretly infected. Malicious JavaScript, sometimes in adware, is downloaded automatically to the PC. Then it's directed to other malicious Web sites to receive its commands, and the bot is in business. With the popularity of inexpensive Web-hosting based on shared servers, a hacker can use a single operating-system vulnerability to gain access to dozens of Web servers.

Toxic blogs and cross-site scripting, which involve planting malicious code into an otherwise legitimate site, have been around for years. Bot herders are finding new ways to make use of them, however. Among the more infamous instances was the bot herder who hacked into the Dolphins Stadium Web site just before the Super Bowl -- a time when thousands of people would be trying to buy tickets.

Social networks, too, can become cesspools of malware, because these networks let users upload and share files, data and other potentially harmful code. With iFrames, invisible frames can be used to download undetected malware automatically on compromised Web sites, as well as on blogs and social networks.

"Web sites and social-networking sites -- there's so much personal information on these sites and so many users, it's just a gold mine of info," says Chris Boyd, director of malware research for FaceTime Communications, a Web-monitoring company specializing in protecting real-time applications, such as IM and VoIP.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Julie Bort

Network World
Show Comments

Cool Tech

Bang and Olufsen Beosound Stage - Dolby Atmos Soundbar

Learn more >

Toys for Boys

Nakamichi Delta 100 3-Way Hi Fi Speaker System

Learn more >

ASUS ROG, ACRONYM partner for Special Edition Zephyrus G14

Learn more >

Sony WF-1000XM3 Wireless Noise Cancelling Headphones

Learn more >

Family Friendly

Philips Sonicare Diamond Clean 9000 Toothbrush

Learn more >

Mario Kart Live: Home Circuit for Nintendo Switch

Learn more >

Stocking Stuffer

Teac 7 inch Swivel Screen Portable DVD Player

Learn more >

SunnyBunny Snowflakes 20 LED Solar Powered Fairy String

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers


This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang


It really doesn’t get more “gaming laptop” than this.

Jack Jeffries


As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr


The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?