Panda Software reports 175 per cent increase
in new bots in 2005
5 February, 2006
By Mark Cox
Bots have consolidated their position as one of the main
Internet threats in the new malware panorama. According to
data provided by PandaLabs, these threats have increased by
around 175 per cent in 2005 over the previous year, and more
than 10,000 examples appeared. Bots represent more than 20
per cent of the total new malware detected in 2005.
Bots (an abbreviation of 'robot') are programs that can reach
computers in a number of ways and then go resident, awaiting
commands from their creators, normally via IRC. The success
of this threat is fuelled by its multipurpose nature: a bot
can execute any type of order and even update the vulnerabilities
it uses to spread, improving its chances of infecting
computers. Bots are normally used to build extensive networks,
popularly known as botnets, which their creators use to take
massive-scale actions, such as sending spam or distributing
other malware.
"Botnets are one of the current business models of cyber-crime,"
said Luis Corrons, director of PandaLabs. "The biggest
problem lies in their secrecy: a large company could be serving
the interests of a group of malware creators without realizing
it. Many of their computers could be at the disposal of these
cyber-crooks, with all the legal implications that this might
have for the company itself."
The new focus of malware is leading to the professionalization
of both the creation of malware and the search for financial
returns. For this reason, the number of variants developed
in a family could stretch into the thousands, a figure far
too high for signature-based protection to cope with. For
example, in the prolific Gaobot family, more than 6,000 new
variants were registered in 2005 alone.
"It is impossible to ignore the fact that each of these
variants generates numerous infections and therefore the total
number of zombie computers could reach hundreds of thousands,"
Corrons added.
Botnets are a type of cyber-crime. The 'herders' (those that
control the botnets) use malware distributed across the Internet
in order to capture and take control of new computers. They
then hire out the botnet to spammers, blackmailers, etc. to
launch spam, carry out denial of service attacks, distribute
spyware, etc. It is a highly lucrative business at the expense
of consumers and even corporate networks.
"Cyber-crime nowadays takes many forms, and perhaps
even more dangerous than botnets are the targeted attacks
that we have witnessed recently," Corrons said. "The
recent 'Trojangate' scandal in Israel is a clear example.
It is in situations like that where TruPrevent™ proactive
protection technologies come into their own, where signature
files are completely useless because of the customization
and scarcity of the malware which rarely reaches antivirus
companies. Until now it is a risk that companies have not
considered sufficiently, but one which is no longer possible
to ignore."