Bots ‘Dangerous’ to Corporate Networks

Think your corporate network is safe from a bot attack? Think there’s no

way one of your user’s machines is part of a botnet?

Think again.

Bot attacks are quickly becoming a critical security issue for IT and

security administrators, according to industry watchers. And it’s an

issue that will need to garner more attention in coming months.

”This is extremely dangerous to corporate networks,” says Carl Banzhof,

CTO of Dallas-based Citadel Security Software. ”Corporate networks have

large concentrations of systems that can be taken over relatively easily

by these bots. A laptop that’s infected will come in, or someone on a

desktop will open an email or visit a site that they shouldn’t, and then

[the bot] is on the network. It will automatically start looking for

other computers, and it has an arsenal of exploits in its pocket to

attack unsuspecting machines.”

Once the bot has circulated to other machines on the corporate network, a

remote hacker would have the ability to toy with the company — changing

information, stealing files, encrypting data or even shutting down the

network.

”These things are more of a threat than IT managers generally suspect,”

adds Banzhof.

Bots got quite a bit of attention last week when Zotob led the charge

against networks that hadn’t yet updated a patch for a plug-and-play flaw

in Microsoft Windows. But despite the momentary attention, information

about bots often takes a far back seat to information coming out on

worms, viruses and Trojan horses.

And there has been some confusion over the differences between bots,

worms and Trojans.

A bot is not a virus or a Trojan. A bot often is the payload in a virus,

explains David Perry, global director of education at TrendMicro Inc., an

anti-virus company based in Tokyo.

The bot is a piece of code that takes

control of the infected computer and reports back to a remote master

control program run by the bot writer. Computers also can be infected by

bots by visiting a malicious Website or chat room.

The hacker tries to cultivate as many infected machines as possible,

building a virtual army of zombie machines — also referred to as a

botnet. Once this botnet is in place, the hacker can use it to send out

spam or launch denial-of-service attacks.

Steve Sundermeier, a vice president at Central Command, an anti-virus and

anti-spam company based in Medina, Ohio, says a large enough botnet could

be used to interrupt the Internet.

”The more bots, the more infected

machines with these bots, the greater control virus authors have,” says

Sundermeier. ”The greater the army, the greater the possibility of

destruction. I think there’s a lot of theories about this huge army of

bots out there that have the opportunity to take down the Internet or

raise other havoc. The possibility may exist. We just haven’t seen it

yet, thank goodness.”

But Sundermeier says what may be more troubling to IT and security

administrators is the ability of bots to make their way into a corporate

network and take control of it.

A Bot on Your Network?

”Probably tens of thousands of companies have computers that are part of

a botnet,” he adds. ”If you have a bot in your company, you could have

information leaking out.”

Gregg Mastoras at Sophos, Inc., an anti-virus and anti-spam company with

U.S. headquarters in Lynnfield, Mass., says most CIOs or administrators

he talks to are quite sure they don’t have any bots on their network. And

then they’re shocked when he finds them.

”The numbers speak for themselves,” Mastoras says. ”Fifty percent of all spam

now originates from botnets. That’s up from 40 percent six months ago.

And it’s not just all from consumer machines. That’s a misnomer. The

reality is that very clearly many organizations are infected and don’t

even know about it.

”We track where spam is coming from and we communicate with the

organization sending it, saying, ‘Do you know you’re sending out spam on

Rolex watches?’ We’re talking about thousands of organizations in the

U.S. alone that are affected by it.”

And Banzhof says we’re very close to a time when someone could hire a

hacker with a botnet to infiltrate a specific company and steal data.

”Actually, it might even exist today,” says Banzhof. ”You hire a

botnet to hit a company and seek out and return specific information for

you. That could be facilitated every day in underground message boards.

It’s usually for scamming but it could be used for corporate espionage or

cyber warfare even.”

Eric Yoshizuru, a product manager with Glendale, Calif.-based Panda

Software, says stealing information could be just the beginning of a

company’s troubles.

”It could be very bad depending on what kind of

information that user has access to. If they have access to a database

with people’s credit card information, then the whole company’s

reputation is at stake. If they take over enough computers in the

network, they could actually shut it down… They could take critical

files and encrypt them and then basically hold them hostage.”

Analysts say keeping a system updated with the latest patches and keeping

anti-virus software updated should take care of bot attacks. And all of

that would be taken care of in a perfect world. But in a world where IT

workers are short-handed, budgets are tight and there literally are more

patches than one IT shop can hope to handle, bots are becoming a real

problem to deal with.

RELATED NEWS AND ANALYSIS

• Huawei’s AI Update: Things Are Moving Faster Than We Think

  FEATURE |  By Rob Enderle,
  December 04, 2020

• Keeping Machine Learning Algorithms Honest in the ‘Ethics-First’ Era

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 18, 2020

• Key Trends in Chatbots and RPA

  FEATURE |  By Guest Author,
  November 10, 2020

• Top 10 AIOps Companies

  FEATURE |  By Samuel Greengard,
  November 05, 2020

• What is Text Analysis?

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 02, 2020

• How Intel’s Work With Autonomous Cars Could Redefine General Purpose AI

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 29, 2020

• Dell Technologies World: Weaving Together Human And Machine Interaction For AI And Robotics

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 23, 2020

• The Super Moderator, or How IBM Project Debater Could Save Social Media

  FEATURE |  By Rob Enderle,
  October 16, 2020

• Top 10 Chatbot Platforms

  FEATURE |  By Cynthia Harvey,
  October 07, 2020

• Finding a Career Path in AI

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  October 05, 2020

• CIOs Discuss the Promise of AI and Data Science

  FEATURE |  By Guest Author,
  September 25, 2020

• Microsoft Is Building An AI Product That Could Predict The Future

  FEATURE |  By Rob Enderle,
  September 25, 2020

• Top 10 Machine Learning Companies 2020

  FEATURE |  By Cynthia Harvey,
  September 22, 2020

• NVIDIA and ARM: Massively Changing The AI Landscape

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  September 18, 2020

• Continuous Intelligence: Expert Discussion [Video and Podcast]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 14, 2020

• Artificial Intelligence: Governance and Ethics [Video]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 13, 2020

• IBM Watson At The US Open: Showcasing The Power Of A Mature Enterprise-Class AI

  FEATURE |  By Rob Enderle,
  September 11, 2020

• Artificial Intelligence: Perception vs. Reality

  FEATURE |  By James Maguire,
  September 09, 2020

• Anticipating The Coming Wave Of AI Enhanced PCs

  FEATURE |  By Rob Enderle,
  September 05, 2020

• The Critical Nature Of IBM’s NLP (Natural Language Processing) Effort

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  August 14, 2020