Don't be dragooned into the botnet army

28.10.2008
The malware armies are growing, with a sharp rise in the number of computers --far-flung networks of infected PCs that digital crooks use to steal financial account data, relay spam, and launch crippling Internet attacks. Now that popular Web sites can invisibly and unwillingly spread malicious software, the days of staying safe just by being careful where you surf are sadly long gone. But you can take steps to protect yourself and your PC from these threats.

The volunteer white hats of , a nonprofit organization dedicated to battling the bot scourge, maintain a count of how many bot-infected PCs they see with their distributed Internet sensors. In mid-June that count began to climb dramatically, eventually exploding from a sample set between 100,000 and 200,000 for most of the year to a peak of about 500,000 in mid-September.

Since Shadowserver's sensors don't see every botnet, the total number of bot-infected machines is almost certainly a good deal larger. And some of the apparent increase stems from Shadowserver's having launched more sensors. But "there are clearly more bots and infected PCs," says Andre´ M. DiMino, a Shadowserver founder. "There's a rise in the surface area of infections and consequently the number of bots we're seeing."

Some experts tie the botnet rise to a recent wave of Web-based attacks. , a type of assault against online applications, can crack open vulnerable but otherwise benign Web sites and allow a malicious hacker to insert booby-trapped code. When someone unknowingly browses a poisoned site, the triggered booby trap invisibly hunts for exploitable software holes through which it can install a bot or other malware. Once it infects a PC, a bot contacts a server on the Internet to pick up commands, such as to steal financial-site log-ins, from its thieving controller.

"At the time when this jump [in the number of bot-infected machines] started," says John Bambenek, an incidence handler at the , "there was a round of SQL injection attacks against thousands of Web sites." The ISC is another volunteer organization that tracks widespread Internet attacks.

Innocent Sites Suffer