Beware of the bots

It sounds like it could be an upcoming movie release -- maybe a knock-off of War of the Worlds. Unfortunately for home computer users and company security administrators alike, this invasion is real and the first wave has already landed.

In its original form, a bot is not malicious software. Bot code was created to automate the maintenance and administration of IRC (Internet Relay Chat) channels. Eventually though, more malicious developers figured out that bot code could also be used to quietly infiltrate unsuspecting computer systems and provide a means of hijacking or controlling those machines to perform other malicious tasks.

Bot code makes its way onto computer systems in a variety of ways. Users that visit IRC chat rooms or Web sites of a questionable nature are at a higher risk of becoming infected by bots. Some bots, such as the variants of Agobot (an IRC-controlled backdoor with network spreading capabilities), also spread themselves in the form of a network share and peer-to-peer file-sharing network worm.

The bot threat

Computer systems that become compromised by bot code typically initiate communication with an IRC channel to register themselves and announce to the IRC channel that the computer is available. At that point, the computer essentially lays dormant, awaiting commands from an attacker to tell it what to do next.

Hundreds of thousands, and possibly millions, of computers are compromised by bot code. These computers are also referred to as "Zombies" because of the way they sit in a dormant state until they receive a command to rise from the dead and attack.

Botnets, or collections of bot-infected systems, are maintained on underground lists and are bought, sold and traded by malicious h

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Risk management for the midmarket Using key risk indicators to sell your information security program Gartner: Vetting security of third-party partners in five steps Security and risk management in the midmarket Identity and access management planning guide for the midmarket Get smart about patching security vulnerabilities Log management tool saves big on network fixes, integrates with IPS Unified communications: Securing access to OCS Disaster recovery and business continuity planning: Know the risks Database security: Who should have access? San Francisco network lockup justifies CIO fears Security for the midmarket Locking down security in the move to electronic medical records A CIO's advice for implementing single sign-on solutions Options for outsourcing security grow, offer IT budget savings Network access control: Pointers for getting the knack of NAC Stopping malware viruses from attacking Web 2.0 technology Virtual servers no escape from IT security management concerns Unified communications: Securing access to OCS Unified communications security: How safe is it? Risk assessment frameworks easy to employ Midmarket regulatory compliance management: Don't let your guard down

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

ackers. By activating the dormant zombies and issuing commands for them to execute certain actions, a zombie army encompassing thousands of machines can be used to initiate a denial-of-service (DoS) attack against a specific Web site, start spreading a new virus or worm threat or generate millions of spam email messages that can't be traced back to their true source.

Defeating the bots

Traditionally, bots have primarily compromised or impacted home computer users. However, bot code and botnets are a rising threat to corporate networks as well. For the Internet as a whole, bot incidents have spiked in the last three months to four times what they were the previous quarter, according to McAfee. To keep your computer from joining the ranks of the cyber-undead and protect your network from being taken over by a botnet, follow these steps:

These are certainly not unusual preventive measures, but the nature of bots and botnets requires specific awareness and attention from Windows security professionals. A bot could be lurking just under the surface, ready to spring into action at the request of a malicious hacker. Only an organized effort can help to mitigate the threat of bots.

About the author: Tony Bradley is a consultant and writer with a focus on network security, antivirus and incident response. He is recognized by Microsoft as an MVP in Windows Security, and he is the About.com Guide for Internet / Network Security, providing a broad range of information security tips, advice, reviews and information. Bradley is co-author of Hacker's Challenge 3, McGraw-Hill Osborne Media, and author of Essential Computer Security, Syngress Publishing. He also contributes frequently to other industry publications. For a complete list of his freelance contributions, visit S3KUR3.com.

Rate this Tip To rate tips, you must be a member of SearchCIO-Midmarket.com. Register now to start rating these tips. Log in if you are already a member. DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.