September 24, 2004

When Bot Nets Attack

Continued from page 1

By Eric Hellweg

Tom Goltz, a network administrator for a small company in Londonderry, NH, has firsthand experience dealing with bot nets. "A year ago, we were seeing 800 to 1,000 attack attempts per day on our network," he says. Now its up to between 12,000 and 15,000 attacks.

The rapid growth of broadband into homes and small businesses has exacerbated the problem. With pokey dial-up connections, it's easy to tell when your computer is going out onto the Internet without your telling it to do so: the speed drop is noticeable. With zippier broadband hookups, however, the speed drop is often imperceptible. What's more, home and small business users are less likely to take the proper steps (setting up firewalls, using anti-virus software) to stop the bot nets than larger enterprise users, in part because home users are not aware of the problem and in part because corporations have far more to lose if attacked and make greater efforts to protect their computers.

The potential danger of these computer armies has scrambled some of the nations top security agencies to monitor the threat, with various bodies and coalitions forming to figure out the best way to handle the problem and protect critical infrastructure. The FBI has stepped up its efforts to fight the problem, and Republican leaders in Congress just introduced legislation that would move the office of cybersecurity, which, among other things, is concerned with the bot problem, from the Department of Homeland Security into the White House, signaling an increased effort to fight cybersecurity threats such as bot networks.

Individual ISPs have also taken up the fight. Erich Hablutzel, the supervisor of the abuse team at Earthlink, says that bot net attacks are on the rise and that his team works with customers to rid their machines of the malicious code and to educate them on how to prevent such infestations in the future. Earthlink has also partnered with Cox Communications, MSN, United Online, and others in the Global Infrastructure Alliance for Internet Safety (GIAIS), a Microsoft-led group aimed at reducing the number of such attacks. Hablutzel also cites efforts underway to create technological standards to make the Internet's infrastructure less susceptible to these kinds of attacks.

Of course, a problem that in one year skyrockets from 2,000 users per day to 30,000 is one that demands immediate attention, especially when the profit motive (by serving spam or renting out resources) is introduced, further fueling the ambitions of these robot army commanders. "Over the last 12 months we've seen attention given to the problem," says Weafer. "What else can we do? Its hard because in many cases you're reaching out to people who aren't aware their systems are unprotected."