Topic: Is there a Bot in Your PC? (INFO AND LINKS)
B.SkiLLs
« on: July 25, 2009, 08:47:19 PM »

Full story with complete story links (the inline text links in the text below are missing because they were JavaScript links, so see the bottom for a link to the complete story with referral links included in the story).


-----------------------


Aiding—and aided by—the rise of blended threats around the world, botnets are digging in—and using your network as a base of operations.

by Matthew D. Sarrel

Last month we talked about blended threats—attacks that use a combination of deployment vectors such as phishing to entice you to visit a Web site, and Web sites that rely on browser exploits to plant malware on your machine. We also made the point that simple Web content filtering isn't enough to combat malware deployed over the Web because content filters usually analyze entire sites and not specific pages. So if malware is hosted on a hacked site or a big public site, then a content filter typically won't stop users from visiting specific pages.

Legitimate sites as malware delivery systems are no small matter. Sophos (www.sophos.com) has discovered that during the first quarter of 2008, 79 percent of Web sites hosting malware-infected pages were legitimate business sites. Here's a well-known example: In June of this year, Sony's U.S. PlayStation 3 site was hacked, malicious code on the site flashing a pop-up fake antivirus scan and alert message, then directing users to another site where they could purchase a bogus security product or rogue application.

While understanding attack vectors can help prevent infection by malware, understanding the damage that can be done by malware can help justify security policy and expenditures. There is such a dizzying array of malware in circulation these days that a listing would be incomplete within a matter of minutes. Malware includes threats such as trojans, bots, rogues, spyware, worms, rootkits, and adware.

The bot is a particularly pernicious piece of malware that is on the rise. Actually, not all bots are bad. A bot is simply a program that runs automated tasks on the Internet. But obviously, the ones we are concerned with are the nasty kind. They are planted on a computer in the manner described above and used to do a whole bunch of dirty deeds, such as performing click fraud, sending spam, harvesting usernames and passwords, launching DDoS attacks, and spreading other viruses and worms. Botnets, collections of bots under a single manager (or herder), have become a serious threat to Internet security.

Recent research by Panda Security found that 11 percent of the world's computers are part of at least a single botnet, 23 percent of home computers that are already running anti-malware software are infected, and a whopping 72 percent of corporate networks with more than 100 computers have an infection. And here's a statistic that should get your attention: SecureWorks estimates that, collectively, the top botnets (Srizbi, Storm, Bobax, and Ozdok/Mega-D) are capable of sending over 100 billion spam e-mails per day. Many security experts believe that findings such as these underestimate the prevalence of bot infections.

The way bots most commonly work is to rely on IRC for a command-and-control infrastructure (also known as a C&C). The bot running on an infected computer will use a specific channel on a public IRC server to send commands and receive information, such as usernames and passwords for banking sites, from the bot running on an infected computer. Very often, a bot will have some worm functionality: It will infect a PC and then begin scanning the local area network for other vulnerable computers. Bots can be very difficult to find and shut down because they don't always have to be active; they can lie dormant until commanded by the botnet herder to execute commands. Typically, the herder rents time on his botnet, charges customers a set amount for a quantity of spam, or sells the usernames and passwords the bot harvested.



Complete story from PCMag.com, updates with links included in the text body of story below:
http://www.pcmag.com/article2/0,2817,2326426,00.asp?kc=PCRSS05079TX1K0000992



« Last Edit: July 25, 2009, 08:48:24 PM by Ed »
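The quoted article describes two network-visible behaviours of a bot: IRC command-and-control traffic leaving the LAN, and worm-like scanning of local neighbours. The following is an added detection sketch, not part of the original post or the PCMag article. It runs over constructed flow records, and the LAN range, the fan-out threshold and the record layout are all assumptions.

```python
import ipaddress
from collections import defaultdict

LAN = ipaddress.ip_network("10.0.0.0/24")   # assumed internal range
IRC_VERBS = {"NICK", "USER", "JOIN", "PRIVMSG", "PASS", "PING", "PONG"}
SCAN_FANOUT = 8  # assumed threshold: distinct LAN peers contacted on one port

def build_sample():
    """Constructed flow records: (src, dst, dport, first payload line)."""
    flows = [
        ("10.0.0.5", "203.0.113.9", 6667, "NICK xk29a"),
        ("10.0.0.5", "203.0.113.9", 6667, "JOIN #chan1"),
        ("10.0.0.7", "198.51.100.4", 443, ""),
        ("10.0.0.8", "203.0.113.20", 8080, "USER a 0 * :a"),
        ("10.0.0.9", "198.51.100.7", 80, "GET / HTTP/1.1"),
        ("10.0.0.9", "10.0.0.2", 445, ""),
    ]
    # 10.0.0.5 also touches ten LAN neighbours on one port (worm-like sweep)
    flows += [("10.0.0.5", f"10.0.0.{h}", 445, "") for h in range(20, 30)]
    return flows

def is_lan(addr):
    return ipaddress.ip_address(addr) in LAN

def analyze(flows):
    """Return {host: set of findings} for LAN hosts."""
    findings = defaultdict(set)
    fanout = defaultdict(set)           # (src, dport) -> distinct LAN peers
    for src, dst, dport, payload in flows:
        if not is_lan(src):
            continue
        verb = payload.split(" ", 1)[0].upper() if payload else ""
        # IRC client verbs leaving the LAN, whatever the port number
        if verb in IRC_VERBS and not is_lan(dst):
            findings[src].add(f"irc-outbound:{dst}:{dport}")
        if is_lan(dst):
            fanout[(src, dport)].add(dst)
    for (src, dport), peers in fanout.items():
        if len(peers) >= SCAN_FANOUT:
            findings[src].add(f"lan-sweep:{dport}:{len(peers)}")
    return dict(findings)

if __name__ == "__main__":
    for host, hits in sorted(analyze(build_sample()).items()):
        print(host, sorted(hits))
```

A bot that is lying dormant produces neither signal until the herder commands it, so checks like these complement host-based scanning rather than replace it.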



