Botnets Have Invaded the World of Internet - Essay Example

Botnets of the of the of the of the One of the greatest inventions of this century has been the internet. Internet has made life convenient for mankind and has reduced the distances of the world by providing fast communication. Like many other things in the world, even Internet has two aspects regarding its usage. One side provides great convenience to the user whereas the other one poses threats and vulnerabilities for the user. Hackers and intruders have also become smarter and tech savvy with time due to which newer techniques have been developed to intrude and attack end user’s system. Botnets come under the category of such inventions and become a source of much distress for the computer user. Botnets pose different kinds of threats like denial of service, spamming, click fraud etc. Several techniques and mechanisms have been adapted to enhance the security measures of networks and avoid any damage by botnets. Botnets Introduction ‘Bot’ is defined as a single computer that possesses the malicious program to make it a part of a wider network of similar computer systems, which is known as ‘Botnet’. Botnets are defined as an autonomous set of programs that perform functions without the aid of any user. They are either controlled by one system or multiple systems, which are known as the botmaster. A distributed nature of botnets involves a set of distributed computers that communicate with each other over the internet and perform some tasks together (Banday et al, 2009). The communication between the bots and the botmaster can be a direct link but such communication can make the botmaster identifiable in the network. Therefore, such direct links are not used. On the contrary, command languages and control protocols (C&C) are used to manage the bots remotely (Banday et al, 2009). These set of programs were initially developed to automate tasks on a set of machines to minimize the need of the presence of a person and to enhance communication and resource sharing. But the concept of their usage changed drastically when they started being used for malicious purposes. Botnets started being developed for the purpose of financial gains and recognition. The hacker’s scale of goodness of a botnet is the degree of damage that it is able to cause. How do Botnets Work? Intruders and spammers can install the software (required for intrusion) in a number of ways. The user might not even be aware of the vulnerability of his system and may become a bot in the network of similarly compromised computers. The first step in this unpleasant activity is the identification of a computer on the internet that does not have any security measures protecting it from the other computers on the network. Once such a computer is found, the required software is installed on the system and thus made possessed with a doorway for malicious intent (US Federal Trade Commission, 2007). Another way that is adapted to make a computer a part of the botnet is to send the end-user emails with attachments, links etc. If the attachments are downloaded or if the links are opened, then the software will get automatically installed on the system thereby compromising its security. Some visitors on a specific website might also become infected with such programs only by visiting it. Many unwanted actions may be performed by the controller of the botnet and it proves to be a daunting task to detect the presence of such software in the systems since they are hidden. The user’s system may become a host itself for sending spam emails or become very slow in processing operations. Types of Botnets There are many kinds of botnets prevailing on the internet that cause harm to the systems in different ways. Some of them have been discussed below: Zeus Trojan: is one of the most damaging botnets that prevails on the internet. It is known to infect over 3.6 million systems in the US. The purpose of this botnet is to steal personal information from the end-users systems like credit card numbers, banking personal details etc. The desired systems are infected by HTML forms that have been developed for the malicious purposes. These forms extract the desired information and send it to the remote controller (Enigma Software Ltd., 2008). Koobface Worm: is known to be very common among the different social networking sites such as Facebook, Twitter etc. Reports show that as much as 2.9 million computers got infected with this type of botnet in the US. The botnets operate by sending messages on the social networking sites consisting of malicious links or files that possess the required software. The software will be instantly installed when the link is clicked upon (Enigma Software Ltd., 2008). Hamweq: This kind of botnet is able to gain entrance in the system and multiplies after it gains access in the system. It auto-runs when the drive (that it is infecting upon) is accessed by the user. It can even infect the Explorer.exe and hence damage the stored data on the system (Enigma Software Ltd., 2008). Threats from Botnets There are several types of threats posed by the botnets, some cause severe damage to the user’s data and systems while others cause lack of availability of services for the end-user. Some of the major security threats have been discussed below: Distributed Denial of Service (DDoS) Denial of service (DoS) can be defined as an attack to cease the offering of computational services from a specific system to its end-users. Distributed DoS attacks the systems in a distributed nature and therefore causes many systems to be infected with the botnet and thus become compromised. Bandwidth and resource depletion are two primary forms of such attacks. Bandwidth Depletion: This kind of attack involves the process of sending excess messages to a target system to consume most of its bandwidth by making it cater to the invalid messages instead of genuine requests from end-users. There are two types of bandwidth depletion attacks; flooding and reflection attacks. Flooding involves sending multiple packets to the target machine which is providing the service to congest traffic on it. The reflection attack involves the sending of large number of messages to multiple sources from a source that poses to possess another source address. Resource Depletion: This kind of attack aims to deplete the resources of the target system or to make the target crashed or unstable so that no other end-users can utilize the services offered by it (Banday et al, 2009). Spamming Spamming can be defined as the unwanted messages that are received by any end-user even though he has not registered for the receiving of those messages. It can also be defined as the large number of retransmissions of the same message on a newsgroup or mailing list even though the content of the message is not related to the on-going discussions in the respective platform. The spammer, one who does spamming, uses different ways of accomplishing his tasks like spoofing, spam botnets. Spammers are usually a part of secretive groups that share email addresses with each other to make different internet users target of spamming. Click Fraud Some of the advertisements are based on the pay per click revenue model that accounts for the charge by the website operators. At times, botnets are mechanized to increment the counter (i.e. number of clicks) of the advertisers so that more revenue can be generated. This kind of artificial increment is called click fraud. Botnets are sent messages by their botmaster to send requests to the advertiser that will seem like clicks on the online advertisement. It is very hard to detect click fraud because it is initiated by a scattered range of IP addresses that may also be geographically dispersed around the region. It poses great threats for the advertisement space providers and the content providers since they are being cheated with false number of clicks (Banday et al, 2009). Other Security Threats The login process at email and online bank accounts can be connected with the botnet by an intruder and sensitive personal information can be extracted. In the same manner, botnets can be used for sniffing text messages between hosts and their direct personal communication can be retrieved. The excess usage of internet on cell phones can cause botnets to be spread to this technology also thereby causing harm to millions of cell phone users. Phishing and identity thefts are also some of the threats that are posed by fooling a user into giving up his personal information in return of greater benefits. Impact on Network Design and Implementation There have been many steps and measures proposed to keep the networks secure from the threat of botnets. It is always advised to use original software instead of pirated ones since they are usually possessed with malicious code that makes the system and thus the network compromised. Honeybots: are usually used in networks to enhance the security level. Honeybots are defined as isolated machines that are protected and pose to be a part of the set of connected computers (Edwards, 2008). It possesses useful information that will attract the intruder and try to infect it to make it a bot. The honeybot allows itself to be infected and becomes a part of the botnet. It then attempts to identify the botmaster to cease the malicious remotely controlled functions on the network. Several techniques have been proposed to detect the botmaster or the bot controller; Strayer et al (2006) proposed the investigation of traits such as bandwidth, duration and timing, Akiyama et al (2007) recommended the analysis of the behavior of the botnet by three characteristics of relationship, response and synchronization. Firewall: One of the most common approaches to handle the threats posed by botnets is to implement an efficient firewall in the network that scrutinizes all the incoming messages from outer sources. It makes the set of computers invisible from the machines connected on the internet and thus ceases all messages from unauthorized systems. An efficient firewall should essentially be a part of the network design of an organizational setup since they are usually equipped with broadband connections. Broadband connections enable connectivity throughout the day therefore increases chances of having systems infected (US Federal Trade Commission, 2007). Intrusion Detection Systems: Intrusion detection systems should be installed on the network since they can detect the initial stages of denial of service attacks. This can give the network administrator some time to perform immediate mitigation actions and save the services or resources from being wasted. On the detection of any threats, the network administrator can also shift the services to an emergency block of addresses that are not compromised to continue the process of servicing the requests (Edwards, 2008). Conclusion Botnets have invaded the world of internet to an alarming level and it has become very common for unprotected systems to be infected by malicious code that makes the respective machine a bot in the whole network of compromised systems (botnets). They pose different kinds of threats to the end-users and their intents range from financial gains to pleasure. Denial of service, phishing, spamming, click frauds are some of the major security threats. The systems and networks can be kept safe from botnets by installing intrusion detection systems, configuring effective firewalls and designing honeybots in the networks. References Akiyama, M., Kawamoto, T., Shimamura, M., Yokoyama, T., Kadobayashi, Y. & Yamaguchi, S. (2007). A Proposal for metrics for botnet detection based on its cooperative behavior. Proceedings of the 2007 International Symposium on Applications and the Internet Workshops (SAINTW07), IEEE Computer Society. Banday, M.T., Qadri, J.A., Shah, N.A. (2009). Study of Botnets and Their Threats to Internet Security, Sprouts: Working Papers on Information Systems, 9(24) Enigma Software Ltd., (2008), Top 10 Botnet Threats in the United States, Retrieved September 14, 2010, from: http://www.enigmasoftware.com/top-10-botnet-threats-in-the-united- states/ Edwards, J., (2008, February), The Rise of Botnet Infections, Network Security Journal, Retrieved 15th September 2010 from: http://www.networksecurityjournal.com/features/botnets-rising-021308/ Strayer, W. T., Walsh, R., Livadas, C. & Lapsley, D. (2006). Detecting Botnet with Tight Command and Control. ARO/DARPA/DHS Special Workshop on Botnet. US Federal Trade Commission, (2007, June), FTC Consumer Alert: Botnets and Hackers and Spam (Oh, My!), Retrieved September 13, 2010, US Federal Trade Commission, Access: http://www.ftc.gov/bcp/edu/pubs/consumer/alerts/alt132.pdf Read More