Botnets

Flash

Mar. 25, 2006

Mary Jo Foley of Microsoft Watch reports: "That unpatched flaw in Internet Explorer that we told you about earlier in the week? It's already being exploited by hackers who are using hijacked Web servers and compromised Web sites to launch a wave of attacks against Microsoft browser users."

"The exploited servers and sites are dropping a variant of SDbot, which is a family of backdoors which provide hackers with total access to infected computers. Microsoft says the impact is limited so far. But security experts aren't so sure the attacks won't spread like wildfire."

Botnets Defined

Financially-motivated malware creators can monetize their infections is to directly use the infected computers to do work for the creator. Spammer viruses, such as the Sobig and Mydoom virus families, are commissioned by e-mail spam gangs. The infected computers are used as proxies to send out spam messages. The advantage to spammers of using infected computers is that they are available in large supply (thanks to the virus) and they provide anonymity, protecting the spammer from prosecution. Spammers have also used infected PCs to target anti-spam organizations with distributed denial-of-service attacks.

In order to coordinate the activity of many infected computers, attackers have used coordinating systems known as botnets. In a botnet, the malware logs in to an Internet Relay Chat channel or other chat system. The attacker can then give instructions to all the infected systems simultaneously. Botnets can also be used to push upgraded malware to the infected systems, keeping them resistant to anti-virus software or other security measures.