It's 9am - do you know what your PC is doing?

Stephen Withers
Thursday, 08 February 2007 04:06

Your IT - Home IT

Yesterday's attack on DNS servers has been blamed by security company Sophos on a botnet, a network of 'zombie' computers that - without their owners' knowledge - can be remotely controlled by criminal hackers.

"[I]t's ironic that the people who depend on the web may have been the ones whose computers were secretly trying to bring it down," said Graham Cluley, senior technology consultant at Sophos.

"A denial-of-service attack like this swamps web-connected servers with traffic from many computers around the globe. It's a bit like twenty hippos trying to get through a revolving door at the same time - there's no route through and everything clogs up."

Apart from a duty of care to the wider community, computer owners need to protect themselves from becoming part of a botnet as it saps processing power and consumes Internet bandwidth. Corporate bodies may also suffer if they are identified as a source of spam. Protective measures include anti-malware software on PCs and gateways, and services such as Sophos' ZombieAlert that warn owners when spam is detected from their systems or if their IP addresses appear on a public block list.

Botnets are more commonly used to send spam messages. Last year, security company SecureWorks drew attention to a botnet created by the SpamThru Trojan (as usual, this piece of malware has multiple names) that was capable of generating one billion spams per day.

Used especially in 'pump and dump' stock promotion schemes, the software is very sophisticated. A peer to peer architecture means that even if the central server is shut down, the bot-herder can still regain the entire network providing he or she still has control of just one of the peers.

Pirated anti-virus software from Kaspersky is installed to remove any competing malware, and email addresses are harvested from the PC's hard disk.

Various techniques are used to get the spam through, including padding with random phrases, and randomised images (yes, this is probably the source of at least some of the image spam you've been receiving in recent months).

"The complexity and scope of the project rivals some commercial software," SecureWorks noted.