Web of Crime: Zombie PC Armies Designed to Suck Your Wallet Dry

More Sophistication

Organized criminals are emerging as a new and increasingly effective source of sophisticated attacks with botnets, according to Vincent Gullotto, vice president of McAfee's Anti-virus and Vulnerability Emergency Response Team. "There's a whole new ballgame that's being played," he adds.

Gullotto says that his team recorded nearly 13,000 cases of attempted bot hijackings in the second quarter of 2005, up from about 3000 during the first quarter of 2005. In fact, turning ordinary PCs into zombies has become so common that CipherTrust--a company that provides e-mail security and guards against spam--posts an hourly update on global zombie activity.

A graphical representation of what a distributed denial of service attack looks like.
Meanwhile, Barrett Lyon has taken the skills he honed in the 1990s to the world of security. In 2004 he founded Prolexic, a company dedicated to protecting clients from botnet-launched distributed denial of service (DDoS) attacks, which miscreants launch in an effort to overwhelm a Web site with a flood of meaningless data. During a DDoS attack, each bot-infected computer sends as much data as it can to the target site. Multiply that by the thousands of zombie PCs in a given botnet, and the target Web site must dedicate all its resources to dealing with the DDoS flood; as a result, the site can't do anything else--such as respond to real users who are trying to reach it.

Financially motivated criminals use DDoS attacks as part of extortion schemes that may demand as much as $50,000 from a business. Some particularly unscrupulous companies use them to attack competitors. But botnets have many other uses.

Botnets' Other Skills

Botnets began to emerge as money-making tools when spammers discovered that they could use them to send e-mail messages that would evade blacklists and other antispam measures, according to analysts.

ID theft is another favorite activity of botnet wranglers. They use teams of zombie PCs to send out spam in the hope of capturing information through "phishing" schemes. One common variant of phishing is when scam artists design Web sites to look like real banking or e-commerce sites. The crooks then send out spam messages asking the recipients to enter their account or credit card number at the bogus site. If anyone does, the crooks can take control of that account.

Bot software is versatile because it opens a "back door" on its host that lets the controller gain covert control over the PC. Botnets can perform a multitude of tasks because they can update themselves with new features and install other software--including viruses, adware, and spyware--on the computers they rule, says Alfred Huger, senior director of engineering at Symantec.

Bots' capacity for self-updating shows all the hallmarks of professional software, Huger says. Certain varieties of bots look "as if someone who has some formal software training is putting them together," he says.
