THE STUDY JUNE 30, 2011
Computer security researchers made a startling and alarming announcement this week: A highly-advanced botnet which controls over 4.5 million personal computers might be “indestructible.” A “botnet” is a collection of machines which have been infected with malicious software (usually designed to steal information) and are controlled by a third party. (In fact, your computer could be surreptitiously operating as part of a botnet right now. Computers that are being used as parts of botnets, unbeknownst to their users, are called “Zombie machines.”) Researchers at Kaspersky labs report that a botnet they’ve been studying, known as TDL-4, is exceptionally advanced: It encrypts communications between machines operating within the botnet, infects computers so deeply that it can’t be detected by anti-virus programs, and even deletes other malicious programs which could be noticed by anti-virus programs and reveal its existence on a machine. How can botnets spread so quickly, and how can users defend against them?
A team of eight researchers at UC Santa Barbara provided insight into this problem in a 2009 paper. The authors were able to “hijack” the notorious Torpig botnet—essentially, they redirected its activity to an analysis server—and observe its activity for a period of ten days. During that time, they witnessed the botnet steal sensitive information (including financial data) from over 180,000 machines. It stole nearly 300,000 unique username-password combinations and more than 8,000 user credentials for various online financial institutions. The authors were also able to identify over 1,600 seized credit and debit card numbers, prizes which bring in lots of money to cybercriminals: “A report by Symantec,” they write, “indicated (loose) ranges of prices for common goods and, in particular, priced credit cards between $0.10–$25 and bank accounts from $10–$1,000. If these ﬁgures are accurate, in ten days of activity, the Torpig controllers may have proﬁted anywhere between $83K and $8.3M.” If you’re wondering how to defend yourself from this kind of attack, the authors have simple advice: give yourself a complex password to sensitive websites. Most victims, they write, are “users with poorly maintained machines that choose easily guessable passwords to protect access to sensitive sites.”