Latest Botnet Defense Techniques

A botnet or zombie army is a group of computers – with their owners unaware of it – that is set up to forward spam, viruses or any other kind of transmissions to other computers on the internet. They are seeded and operated by people known as bot herders.  Reports from Kaspersky Labs and Symantec both reveal that botnets – and not spam, viruses or worms – are the most significant threats on the web.

Moreover, bot herders are getting craftier and craftier as time goes on. In the past, Microsoft and Symantec have been able to ward off botnets through legal and technical means, but to this day, they still exist. In fact, as soon as one is knocked down, the cycle repeats.

The Continued Rise of Botnets

The malware being used for botnets have grown more sophisticated as well. To that extent, they have moved from PCs to mobile devices. Then again, there are steps that can be taken to ensure that your system does not fall prey to such malice. However, despite there being measures, there are particular botnets that are hard to detect which makes it hard for security measures to keep them out.

More than ever, botnets seem to be gunning for the money. The ZeroAccess bot, identified in 2011, is one good example which targets legitimate advertising means such as Google Adwords and Bing Ads. Botnets can infect and control millions of computers when users click on legitimate, as well as fraudulent ads. It is estimated that ZeroAccess is earning about $1 million each day.

Botnets in Mobile Devices

In 2013, reports of botnets for mobile networks started surfacing. A botnet called Spam Soldier is an SMS spamming bot that sends premium-rate messages on Android devices without the knowledge of the user. It is only when they see their bill that they realize it was used.

Taking Down Botnets

As mentioned earlier, Microsoft and other companies have combined legal and technical ways to get rid of botnets. The Microsoft Digital Crimes Unit has worked with the legal system, as well as technical partners to disrupt six botnets over the past years.

Microsoft has also partnered with Symantec to take down the Batimal botnet which was hijacking online searches to perform ad-click fraud. Microsoft filed a suit on January 31, 2013, and the courts agreed which resulted in evidence being seized from the botnet’s web hosting facilities.

Defense Against Botnets

Having policies and disaster planning strategies in place is a must, but with the growing sophistication botnets have, more measures must be put in place. In other words, a good defense strategy to have include:

  • Having secure web gateways – these filter web traffic and block malicious content. It is no longer enough to just rely on URL reputations because it is not effective in preventing exploit kits from executing.
  • Putting secure email gateways – these avoid spam – includes messages with malicious links and attachments – from getting to business mailboxes.
  • Using antivirus software – although not an entirely new concept, the importance of having these installed and continuously updated cannot be stressed enough. In fact, a security plan can be laid out to require computer users to perform frequent scans.
  • Turning on a web application firewall – this can be a server plug-in or a filter designed to protect web servers at the application level. This works by blocking code injections like cross-site scripting.

Education and appropriate action are crucial to making sure computer networks and systems remain safe from botnets. Each user must understand best practices when it comes to dealing with links and downloads, especially when distributed through email. By continually reinforcing these points, users will better understand the importance of security and increasingly refrain from taking actions that can infect machines with bots.

This article is sponsored by TCDI, a company specializing in cybersecurity, computer forensics, and eDiscovery services.

About The Author

Eric Vanderburg

Eric Vanderburg is an author, thought leader, and consultant. He serves as the Vice President of Cybersecurity at TCDI and Vice Chairman of the board at TechMin. He is best known for his insight on cybersecurity, privacy, data protection, and storage. Eric is a continual learner who has earned over 40 technology and security certifications. He has a strong desire to share technology insights with the community. Eric is the author of several books and he frequently writes articles for magazines, journals, and other publications.

Leave a Reply