NYTimes: Attack of the Zombie Computers Is Growing Threat
January 8th, 2007The New York Times has an article discussing the difficulty security researchers face in combatting botnets, and how botnets are threatening the safety of the internet.
Some highlights from the article:
* What is new is the vastly escalating scale of the problem — and the precision with which some of the programs can scan computers for specific information, like corporate and personal data, to drain money from online bank accounts and stock brokerages. “It’s the perfect crime, both low-risk and high-profit,” said Gadi Evron, a computer security researcher for an Israeli-based firm, Beyond Security, who coordinates an international volunteer effort to fight botnets. “The war to make the Internet safe was lost long ago, and we need to figure out what to do now.”
* Last spring, a program was discovered at a foreign coast guard agency that systematically searched for documents that had shipping schedules, then forwarded them to an e-mail address in China, according to David Rand, chief technology officer of Trend Micro, a Tokyo-based computer security firm. He declined to identify the agency because it is a customer.
* Although there is a wide range of estimates of the overall infection rate, the scale and the power of the botnet programs have clearly become immense. David Dagon, a Georgia Institute of Technology researcher who is a co-founder of Damballa, a start-up company focusing on controlling botnets, said the consensus among scientists is that botnet programs are present on about 11 percent of the more than 650 million computers attached to the Internet.
* The data in the file had been collected during a 30-day period, according to Rick Wesson, chief executive of Support Intelligence, a San Francisco-based company that sells information on computer security threats to corporations and federal agencies. The data came from 793 infected computers and it generated 54,926 log-in credentials and 281 credit-card numbers. The stolen information affected 1,239 companies, he said, including 35 stock brokerages, 86 bank accounts, 174 e-commerce accounts and 245 e-mail accounts. Sensor information collected by his company is now able to identify more than 250,000 new botnet infections daily, Mr. Wesson said. “We are losing this war badly,” he said. “Even the vendors understand that we are losing the war.”
* According to the annual intelligence report of MessageLabs, a New York-based computer security firm, more than 80 percent of all spam now originates from botnets. Last month, for the first time ever, a single Internet service provider generated more than one billion spam e-mail messages in a 24-hour period, according to a ranking system maintained by Trend Micro, the computer security firm. That indicated that machines of the service providers’ customers had been woven into a giant network, with a single control point using them to pump out spam.
* Computer security experts warn that botnet programs are evolving faster than security firms can respond and have now come to represent a fundamental threat to the viability of the commercial Internet. The problem is being compounded, they say, because many Internet service providers are either ignoring or minimizing the problem. “It’s a huge scientific, policy, and ultimately social crisis, and no one is taking any responsibility for addressing it,” said K. C. Claffy , a veteran Internet researcher at the San Diego Supercomputer Center.