By Daniel Suarez
If you’ve never heard the term ‘botnet’, take note of it now, because your home computer may have joined one without your knowledge. A botnet is an army of compromised personal computers which have been stealthily pressed into service by high-tech criminal gangs. Infecting personal computers with malicious software (or ‘malware’) via the Internet is now entirely automated, so if you believe that anonymity protects you from attack, you’re mistaken. In fact, an unprotected computer linked to the Internet can be infected within minutes and folded into a botnet army intent on causing harm to other systems.
Individual computers participating in a botnet are known as ‘zombies’ because they take their instructions from a central command and control node that focuses the combined processing power of the botnet to attack government and commercial enterprises, crack encryption, and steal valuable data. These botnets can consist of millions of machines just like yours, and they behave much like natural organisms (resisting eradication, reproducing, etc.). Furthermore, the malicious software is so stealthy that you might never know it’s there – except for tell-tale signs like slow processing and reduced Internet speed.
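Because a zombie has to keep asking its command and control node for instructions, one tell-tale sign that is more reliable than a slow computer is outbound traffic to a single destination at suspiciously regular intervals. The script below is an added example, not part of the essay: it reads a constructed outbound-connection log (the timestamps, host names and the 203.0.113.0/24 documentation address are all made up for this illustration) and flags source/destination pairs whose connection gaps are nearly constant, which is how a defender would look for polling behaviour in firewall or proxy logs.

```python
"""Beaconing detection over an outbound-connection log (added example).

A bot polls its command-and-control (C2) node on a schedule, so the gaps
between a zombie's connections to that one destination have a very low
coefficient of variation (standard deviation / mean). Ordinary browsing to
the same site has irregular gaps. The log format and all values below are
constructed for this example.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log: "<ISO timestamp> <source host> <destination:port>"
# pc-kitchen polls 203.0.113.7:8080 roughly every 300 seconds (a beacon),
# while both hosts browse www.example.com at irregular times.
SAMPLE_LOG = """\
2008-03-16T10:00:00 pc-kitchen 203.0.113.7:8080
2008-03-16T10:00:12 pc-kitchen www.example.com:80
2008-03-16T10:01:40 pc-kitchen www.example.com:80
2008-03-16T10:05:01 pc-kitchen 203.0.113.7:8080
2008-03-16T10:09:59 pc-kitchen 203.0.113.7:8080
2008-03-16T10:15:00 pc-kitchen 203.0.113.7:8080
2008-03-16T10:17:03 pc-kitchen www.example.com:80
2008-03-16T10:20:02 pc-kitchen 203.0.113.7:8080
2008-03-16T10:21:55 pc-kitchen www.example.com:80
2008-03-16T10:24:58 pc-kitchen 203.0.113.7:8080
2008-03-16T10:28:40 pc-kitchen www.example.com:80
2008-03-16T10:02:30 pc-office www.example.com:80
2008-03-16T10:03:10 pc-office www.example.com:80
2008-03-16T10:11:45 pc-office www.example.com:80
2008-03-16T10:30:00 pc-office www.example.com:80
"""


def parse_log(text):
    """Group connection timestamps by (source, destination) pair."""
    events = defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        stamp, src, dst = line.split()
        events[(src, dst)].append(datetime.fromisoformat(stamp))
    return events


def find_beacons(text, min_events=5, max_cv=0.1):
    """Return pairs whose inter-connection gaps are nearly constant.

    min_events: ignore pairs with too few connections to judge regularity.
    max_cv:     flag when stdev(gaps) / mean(gaps) is at or below this value.
    """
    findings = []
    for (src, dst), stamps in parse_log(text).items():
        if len(stamps) < min_events:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue  # duplicate timestamps; nothing to measure
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            findings.append({
                "src": src,
                "dst": dst,
                "events": len(stamps),
                "period_s": round(avg, 1),
                "cv": round(cv, 3),
            })
    return findings


if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        print(f"{hit['src']} -> {hit['dst']}: {hit['events']} connections "
              f"every ~{hit['period_s']}s (cv={hit['cv']})")
```

On the sample log only the pc-kitchen to 203.0.113.7:8080 pair is reported (six connections about 300 seconds apart); the browsing traffic is either too irregular or too sparse. Real bots often add random jitter to their polling interval, so in practice the `max_cv` threshold is tuned against known-good traffic rather than fixed at 0.1, and a hit is a lead for investigation, not proof of infection.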
Contrary to popular belief, most malware is not the product of teen malcontents working out of their mom’s basement. Instead, malware has become a highly sophisticated multinational criminal enterprise – one which engages the skills of some of the most sophisticated software developers on the planet. So sophisticated, in fact, that there is currently a war being waged for control of the Internet. And your home computer is on the front lines.
Recent statistics from the botnet wars are not encouraging. Botnet-based Internet attacks against commercial and government networks have increased over the past two years from 333,000 to 7.2 million daily — an increase of 2,162% despite a combined major effort by government and the private sector to eradicate them (source: USA Today, March 16, 2008). That’s a worrisome trend line.
How did we get into this mess? Well, the ARPANET (the first packet-switching network on which current Internet protocols are based) was developed in the 1960s as a means to create a robust communications system over potentially unreliable network connections. As such, it was inherently ‘open’ – that is, it defaulted to accepting connections to make it easier for far-flung groups of scientists and government officials to communicate electronically. Fast-forward to today and we find that the Internet has been tasked with providing critical infrastructure services such as online banking, stock trading, remote control of machinery, and a host of other tasks. Securing all of this has meant going against the original network’s intent, which is what makes it so difficult to lock down.
Completely solving the software security crisis might require a major infrastructural change – a redesigned Internet. In the meantime, however, there are a few simple steps you can take to limit your exposure.
First, realize there’s no such thing as an unimportant computer, especially when it’s linked to the Internet. Don’t leave unused machines running, and make sure to apply software patches out of a sense of civic duty, if nothing else. Lastly, consider setting up a non-administrator account for everyday use and especially while surfing the Internet. A non-administrator logon with reduced privileges can prevent a wide range of worms from installing themselves in the first place. Check your OS documentation for the relatively simple steps involved in creating a non-Admin logon. By doing so, you’ll be helping to protect not just yourself, but other Internet users as well.
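A quick way to find out whether the account you browse with is really a reduced-privilege one is to ask the operating system. The script below is an added example, not part of the essay: on Unix-like systems it reports the effective user and group memberships, on Windows it asks the shell whether the session is elevated, and a small pure function decides whether that adds up to an administrator. The set of admin-capable group names (`sudo`, `wheel`, `admin`, `adm`, `root`, `Administrators`) is an assumption covering common defaults; your system may use others, so compare it against your OS documentation.

```python
"""Report whether the current account is an administrator (added example)."""
import os
import sys

# Assumed admin-capable group names on common systems; adjust for your OS.
PRIVILEGED_GROUPS = {"sudo", "wheel", "admin", "adm", "root", "Administrators"}


def is_privileged(uid, group_names):
    """Pure decision: uid 0 (root) or membership in an admin-capable group."""
    return uid == 0 or bool(PRIVILEGED_GROUPS & set(group_names))


def current_account():
    """Gather the running session's identity and classify it."""
    if os.name == "nt":
        import ctypes
        elevated = bool(ctypes.windll.shell32.IsUserAnAdmin())
        return {"user": os.environ.get("USERNAME", "?"),
                "groups": [], "privileged": elevated}

    import grp
    import pwd
    uid = os.geteuid()
    user = pwd.getpwuid(uid).pw_name
    groups = []
    for gid in os.getgroups():
        try:
            groups.append(grp.getgrgid(gid).gr_name)
        except KeyError:
            groups.append(str(gid))  # gid with no name in /etc/group
    return {"user": user, "groups": groups,
            "privileged": is_privileged(uid, groups)}


if __name__ == "__main__":
    info = current_account()
    verdict = "ADMINISTRATOR" if info["privileged"] else "standard user"
    print(f"{info['user']} is a {verdict}; groups: {', '.join(info['groups'])}")
    sys.exit(1 if info["privileged"] else 0)
```

Run it from the account you normally use; a non-zero exit status means that account can install software system-wide, which is exactly the capability the essay recommends keeping out of your everyday logon.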