Personal Tech Pipeline | Hackers Control More Than 1 Million PCs - Experts

March 16, 2005

Hackers Control More Than 1 Million PCs - Experts

Courtesy of TechWeb News

At least a million machines are under the control of hackers worldwide, said security experts in Germany, indicating that the bot and botnet problem is worse than anyone thought.

Using only three computers as "honeypots" (machines deliberately left open to attack so that researchers can capture data on the hackers and bots they attract), German security analysts at Aachen University identified more than 100 botnets during a three-month project. Those botnets ranged in size from only a few hundred compromised PCs to several of up to 50,000 systems.

The volume, the Honeynet Project researchers said, was staggering. Even using conservative estimates, they projected over a million PCs worldwide are currently under the control of hackers running botnets.

"That number wouldn't surprise me," said Ken Dunham, the director of malicious code research at iDefense, a Reston, Va.-based security intelligence firm.

The number of bots in attacker botnets is hard to pin down, added Dunham, but the figures cited by the Germans, he said, are probably conservative. "In just the last six months, the numbers of botnets surged from only a few hundred to over 6,000 total by our count," Dunham said. "It's not uncommon to see botnets with more than 50,000 PCs, so there could easily be a million or more total."

The largest botnet that iDefense has tracked was one in 2003 that controlled a whopping 120,000 machines.

These massive collections of compromised PCs are used by attackers primarily for profit. They are the root of most denial-of-service (DoS) attacks against corporate networks and the foundation of most spamming, and they are also used to infect other PCs with worms and viruses ("in most cases, botnets are used to spread new bots," wrote the researchers), to host the bogus Web sites that phishers rely on to trick users into giving up personal information, and to distribute spyware.

"The explosion of botnets is a huge problem," said Dunham.

The vast majority of botnets are made up of Windows systems, said the honeypot researchers. More than 80 percent of the traffic captured by the honeypot machines was directed at four ports used by common services in Windows, such as RPC (Remote Procedure Call) and the NetBIOS Name Service.

In fact, the bulk of the botnets were assembled using just a handful of exploits that take advantage of a few Windows vulnerabilities.

"It's the easy-to-use tools now available to hackers, as well as the source code for some exploits, that's behind the growth of botnets," said Dunham. "We've seen as many as a dozen exploit families, not exploits, but entire families, appear in just days after source code is made public. All [hackers] do is pick up [the code], and copy and paste."

As an example of the serious threat posed by botnets, the German researchers noted that a mid-sized botnet of 1,000 machines sports a combined bandwidth of more than 100 megabits per second, "higher than the Internet connection of most corporate systems," they wrote. That bandwidth can be put to many uses, including spamming and DoS attacks.

"You read what these guys post on their underground boards," said Dunham, "and they're claiming that all you need is 500 to 1,000 machines in a botnet, and you can take out the average corporate network with a denial-of-service attack."

The full report of the honeypot researchers is available on the Web here.
