Bots, both good and evil, dominate the Internet
People invented the Internet to serve people. But according to a new study by Incapsula, most Internet traffic happens strictly between machines. More often than not, it’s a bot, not a person, examining a Web page and downloading data.
And nearly half of those bots are up to no good.
An Internet bot is not a real, physical robot, but a program that runs automated tasks over the ‘net. For instance, search engines use bots to find and index new pages. That’s an example of a good bot. But cyber criminals can use bots to send out spam, distribute malware, steal private data such as credit card numbers, and run Denial of Service (DoS) attacks.
Bad bots are often run unknowingly on good people’s infected computers. Malware can turn your PC into a bot-sending zombie, doing evil work in the background without your knowledge.
According to Incapsula’s latest report, bot traffic has increased 21 percent this year, and now accounts for 61.5 percent of all Internet traffic. Almost half of that, 30.5 percent of all the signals travelling on the Internet, come from malicious bots. Incapsula provides security to Web sites.
The report divides the malicious bots into four categories. The largest of these, which Incapsula calls impersonators, make up more than 20 percent of all Internet traffic. According to Incapsula, these bots “assume someone else’s identity…The goal is always the same - to infiltrate their way through the website’s security measures.”
Amongst other nefarious tasks, impersonators carry out Denial of Service (DoS) attacks, crippling Web sites and servers. Unlike other malicious programs, which are often rewritten versions of other malware, impersonators “are custom-made bots, usually crafted for a very specific malicious activity.”
Bots in the three malicious categories turn up less often, but are still real threats. Scrappers, which take data off of web sites for assorted dirty deeds, represent five percent of Internet traffic. Hacking tools (4.5 percent) steal private information and infect computers with malware. The good news: Spammers now use only half a percent of Internet traffic. That’s down from two percent in the 2012 report. “The most plausible explanation for this steep decrease is Google’s anti-spam campaign,” guesses Incapsula.
To create this report, the company monitored 20,000 Web sites, all of them Incapsula clients, over a period of 90 days. During that time, they noted 1.45 billion bot visits.
Not everyone is convinced of the report’s accuracy. A BBC article by Leo Kelion quotes Dr. Ian Brown of Oxford University's Cyber Security Centre, who is skeptical of the numbers. "Their own customers may or may not be representative of the wider web." Dr. Brown also suspects “some unavoidable fuzziness in their data..." But Brown acknowledges that Incapsula’s numbers, while probably not perfectly accurate, still provide a useful, overall view of the situation.
Whether the report is accurate to the decimal point or only an approximation, it’s still a sobering view. There are a lot of evil bots on the Internet.