Defining the Botnet - Essay Example

?The first part of the video lecture defines and demonstrates the botnet, how the botnet are created and infect the computer systems over the internet. A botnet is a collection of infected computers connected to the internet which are being controlled by the Bot herder and command center. It has been found in the video that a Bot client can easily be developed by a Trojan that installs a bot code on the victim’s PC through a compiled and executable source code that can be written in Microsoft Visual C++. It has been learnt from the video through a practical example to control and command the bots through IRC that can be installed on the private server machine and spreading the bots through e-mail attachment, downloading BitTorrent, etc. The second video explains the bot attacks; the first potential attack is Distributed Denial of Services (DDOS) can be activated by sending a huge amount of traffic b from many bots herders on the victim’s computer so that the customers cannot access the online server. The video explains the second attack named Command Line Control through an Rlogin server in easy to understand method. Further, the video talks about the third bot attack known as Spying on Zombies. The video makes you understand regarding spying the victim’s computer through a key-logger, packet sniff, capturing screenshots etc. The third part of the video emphasis on defenses your system from the potential threat of botnet by keeping bots out, mute bots and detecting the bots activities. The video explains to install firebox, upgrading patch promptly, using antivirus with auto-update, using firebox proxies and GAV, and training of the professionals and users for keeping bots out of your computer system. Organizations can mute and detect activities of bots as well by configuring the firebox appropriately as explained in the video. The article titled “Microsoft disrupts Nitol botnet spreading on counterfeit Windows PCs” written by Lee Mathews and published on 13th September, 2012. The article explains that the digital crime unit of the Microsoft identified enormous botnet and they have taken control of the domains as per instructions of the court order. The report from the Microsoft’s digital crime unit notifies a malicious attack of Nitol, the botnet. It classifies that the domain Nitol, 3322.org along with over 70,000 subdomains have been found to be affected by 500 different malware. Following the court orders, Peng Yong, a Chinese businessman surrendered, giving not only the DNS control of Nitol but also the effecting domains to Microsoft, allowing them to filter the incoming and outgoing traffic for the security of users from the suspected attack by Nitol, and other malware from 3322.org and other sub-domains. At this time, the action taken by Microsoft was not as vigorous as against Waledac, Kalihos or Rustock. Because the investigation teams vigilant the Microsoft while investigating the problems of illegal Windows Installation in China, that more than 20% of the systems have pre-installed unnecessary software including, but not limited to HP or Toshiba-style software bloat. It was the thing as Microsoft suspected from Nitol botnet, developed catastrophic malware that could not only able producing spam and redirect DNS requests but also proliferate through flash drives. http://www.geek.com/articles/news/microsoft-disrupts-nitol-botnet-spreading-on-counterfeit-windows-pcs-20120913/ The student has summarized the article titled “Botnet Masters Hide Command and Control Server inside the Tor Network”, by Lucian Constantin. The student has spectacularly discussed the article regarding research of Germans as they found a botnet that is hidden in the Tor secrecy network. The botnet can operate on an Internet Relay chat server and it has advantages as well as disadvantages. According to them, it is hard to find its specific location so that is very difficult to locate and shut down. A signal is sent to another computer from the user’s computer, when one uses Tor for internet access. Moreover, the researchers identified that it is not easy to block the traffic by intrusion detection systems, when infecting another computer. It could be harmful to detect malicious destination, as it is found in encrypted form and it has not a definite location. The student has described that overall the Tor can be abused easily, in spite of being developed for user’s privacy. The second article titled “Microsoft battles botnet pre-installed on systems” recapitulated by the student is similar to my article. The student stated that it was found during the investigation in China that 20 % of the new tested PCs had a built in botnet named Nitol. It was actually installed in the assembly line on the PCs. As shown in the video, the botnet automatically starts to find for other networks. Microsoft diagnosed it by closing the domain that acted as a hub for the botnet. It relates to my comment in the third video, Windows 7 can stop the installation of .exe extension files, but still, its complications can open ways for cyber criminals. In the third article, the student briefly explains the third largest Botnet named “Grum”. The bonnet is the basic reason of 18% spam on the World Wide Web. The Grum was detected by experts through blocking commands and controlling servers, and finally shut it down. Owing to the long durations, legal actions could take lead the experts to fight the Grum. Shutting down the Grum was a success, but still many botnets reappear in an altered form, and can inject in servers easily. Stuxnet is one of the exceedingly complicated computer worms that have capability of reconnoitering and re-programming the systems (especially industrialized) utilized to manage and supervise the business processes. It was discovered in 2010 by VirusBlokAda, a security organization in Belarus. As per the report of the Symantec Antivirus Inc, the worm has swabbed out approximately sixty (60) percent of the Iran’s computer network. It has been found that still the actual rationale and foundation of the virus is internationally unknown, but all are well aware that it is harmful. No matter what the purpose of its subsistence, the Stuxnet has the capability to obliterate the navigational systems, industrial systems, and medical facilities and encompasses implications for the business. Now it becomes necessary for organizations to connect with the World Wide Web that exposes them According to me, the Stuxnet worm can be malevolent hazardous to the organizations utilizing software systems over the internet. Therefore, it would be appropriate for the organizations prepare themselves to tackle such worms. In order to avoid such threatening, the organizations should develop proper Information Technology Security Policy to safeguard their digital information, fraud and intellectual property thefts. The organizations should recruit the IT security professionals and train them regularly. It is more suitable that the information may be stored on separate PCs that are not usually connected to the internet. As the businesses can only be successful by relying on the accurate and secured information, therefore, the businesses should apply security standards to avoid worms like Stuxnet. Read More