E-CommerceALERT.com is part of the Bennett Gold LLP web site network.

Research and retrieval of news articles by:
Bennett Gold LLP, Chartered Professional Accountants

Effective December 31 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering notable e-commerce news articles from the period 1999 to 2012.


Source: Scotland On Sunday

Posted on January 13, 2008

      Do you know who is running your computer?

      For a large and growing number of people the answer may not be the one you want to hear. Yours may be one of the millions of PCs around the world that have been infected and are now working for a criminal organisation.

      You may be blissfully unaware that your PC sitting quietly, apparently asleep, is being used without your knowledge to send out junk e-mail, collect people's personal details or take part in attacks on legitimate websites. It could be part of a phenomenon called a "botnet" or "zombie network", a sinister revolution in computing that is shaping up to be one of the biggest headaches of 2008.

      A problem that began with annoying computer viruses a few years ago has been growing in size and complexity. It works by placing tiny malicious programs known as "Trojans" or "worms" on individual computers. These can then be controlled as if they are one huge supercomputer and used for whatever purpose the "bot-herder" desires.

      The result is that millions of business and home computers - some estimates put the figure as high as 300 million - have been taken over by global gangs of cyber criminals. They're being used every moment of the day for extortion, to spread child pornography and, most commonly, to spew out billions of unsolicited e-mails. It can - and has - brought down the internet for an entire country.

      The problem is getting so bad, and accelerating so rapidly, some experts believe 2008 could even be the year the internet meets its Armageddon. On Christmas Eve and Hogmanay, unusually heavy botnet activity was reported, leading to speculation that a major attack was brewing.

      So how does a botnet work? What uses can it be put to by criminal gangs? Is the internet itself at risk? And is the fight against this army of zombies a hopeless one?

      The first viruses were just harmful fun. Spotty teenagers with apocalyptic nicknames would create viruses capable of destroying computer data or displaying on-screen messages on a particular day. Their success was measured in terms of publicity and the chaos caused. Now the same techniques are capable of generating vast criminal profits. The geeks and gangsters are working together.

      Detection is difficult. The owner may be unaware that anything untoward is happening. The computer might not even slow down because the Trojan doesn't start operating until an automatic screensaver turns itself on showing that nobody is using the machine.

      This is part of the big change in the way malicious programs are designed to operate. Viruses used to be designed to advertise themselves if only to other members of the internet underworld. Now they're designed to slip under the radar.

      Experts are divided on the apocalyptic threat from botnets to produce a "9/11 of the internet". It's certainly possible. The combined power of the zombies dwarfs most of the world's supercomputers. If its controllers wanted to, there seems little doubt that they could bring down at least a large part of the internet.

      However, senior researcher Roel Schouwenberg, of anti-virus giant Kaspersky Labs, plays down the danger of a complete meltdown: "People have been asking me for the last couple of years if this was the year when the servers that control the internet will be brought down. Well it hasn't happened yet. Let's hope it doesn't."

      He points out it is not in the interest of the people renting out botnets to wreck their source of income. Along with other anti-virus specialists, however, he wouldn't comment on the possibility of a terrorist threat. Undoubtedly organisations such as al-Qaeda make substantial use of the internet. Over a year ago the first issue of "Technical Mujahid" was circulated through jihadist websites. The 64-page e-zine focuses on internet security and what it calls the "electronic jihad". Bringing down the internet would, however, damage the Islamicists' ability to disseminate propaganda and communicate with supporters.

      But botnets have been implicated in at least one national attack. In May last year a two-week attack led to Estonia's internet service being all but shut down. This followed a decision to move a Russian statue. Afterwards it was suggested that the Russian government may have been behind the illegal internet assault, but, according to Schouwenberg, the perpetrators were Russian spammers who also infected their government's computers.

      Certainly Russians have been implicated in much of what is known as "malware", a term which covers all malicious software. "Actually most of what we're seeing now comes from China, Brazil and other Portuguese speaking countries," says Schouwenberg. "The Russians sell the weapons, such as Trojans, but they don't usually use them."

      Nonetheless, the Russians' attack on Estonia was what is known as a "Distributed Denial of Service" (DDoS). It's a common use of botnets, although usually the targets are commercial. It works by bombarding an organisation's computer network with billions of pieces of data simultaneously until it breaks down under the strain.

      In the hands of criminals it provides a high-tech version of an age-old crime, the protection racket. The website owner is told that unless he pays up, his website will be brought down. It's particularly effective with gambling sites which have well-publicised peaks. Imagine, for instance, the reaction to a warning coming just before the weekend of the Grand National or the Super Bowl in the US.

      "As cyber criminals become more cunning in their methods for creating zombie PCs, the only way we're going to reduce the problem is if authorities invest a lot more in educating computer users of the dangers, while ensuring internet service providers step up their monitoring efforts to identify these compromised machines as early as possible," says Graham Cluley, senior technology consultant with anti-virus specialist Sophos.

      Law enforcement agencies have had only modest success in cracking down on the gangs, hampered by the international nature of the crime. One of the most high profile arrests came five weeks ago when New Zealand police in the province of Waikato brought in an 18-year-old home-schooled loner called Owen Wilson, accused of being the ringleader of a gang that had infected one million computers and caused £13m worth of damage.

      Operating under the name "Akill", he was caught because the actions of his group had allegedly brought down a server at the University of Pennsylvania. An FBI officer was present at the arrest. The international nature of the investigation was further revealed when Dutch police said they were investigating "Akill's" alleged activities as part of an elite botnet group called the "A-team" which is accused of infecting 1.3 million computers as part of an internet advertising scam.

      The arrests are also linked to a massive FBI action code-named "Operation Bot Roast". By the beginning of December this had resulted in 13 raids, eight arrests or convictions and uncovered more than £10m in economic damage linked to botnets.

      So how does a computer get tricked into becoming a zombie? It's not easy. Users have to be tricked into installing malicious software on their virus-protected computers. It's a process known as "social engineering".

      "Storm", for instance, is probably the biggest of the botnets. It takes its name from the subject of the e-mails where it first appeared 12 months ago. Millions of people received e-mails headed "230 dead as storm batters Europe". When they opened the messages their PCs were infected and became "zombies", as the individual components of a botnet are known.

      Certainly Storm's services have been offered for sale through the internet underworld. Most buyers use a botnet to distribute "spam" or junk e-mail. Legitimate internet service providers prevent their users from sending out mass mailings so the so-called "spammers" have to resort to illegal providers. Although only a tiny fraction of 1% of recipients respond to these unsolicited e-mails it's enough if the distribution is numbered in billions. And as the success rate has declined the spammers have simply upped the numbers, so the chances are that when a zombie machine is active it is spewing out offers of penis enlargement and cheap loans.

      The other obvious danger is that the computer is controlled by a criminal with potential access to all the personal information stored on the hard drive and every action carried out online.

      "To combat the risk," says Cluley, "everyone needs to make a New Year's resolution to take computer security more seriously in 2008. Clicking on a mystery weblink or an unsolicited e-mail attachment puts computers - and potentially the web itself - at risk."

      Nick Clayton is a leading writer on technology and the internet.

Keeps bugs at bay

      How to stop your computer becoming a zombie:

      • Computers running Microsoft Windows - 90% of all the computers in the world - are the most at risk. Ensure that you keep your software up-to-date. Most updates are developed to remove security lapses.

      • Even if you use an Apple or Linux PC, you're not completely immune. Much of the malware being developed exploits weaknesses in other programs such as Flash, Acrobat, QuickTime and even MP3 files. You need to make sure all your software is regularly updated.

      • Make sure that the firewall in Windows is enabled. Use regularly updated anti-virus software. (AVG from www.grissoft.com is effective and free for personal use, as is Avast from www.avast.com)

      • Use anti-spyware software to scan and protect your PC. ("Spyware Doctor" is available free in its basic version from www.pctools.com as is "Trend Micro HijackThis" from trendmicro.com.)

      • Don't click on e-mail attachments if you're not sure who they've come from.

      • Be wary of online advertisements. Most computer infections no longer come from e-mails, but from websites. Even legitimate websites have been compromised, so you need to be vigilant to spot unusual activity.

      • If you're really concerned, get an expert to check over your computer. It's more sophisticated than a dishwasher or a fridge, so a regular service won't do any harm.


E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.
