Friday, September 5, 2008

Is Your PC Phoning Home?

The number of computers infected with Bots, software that allows the bad guys to control the computers from across the world, is rising at an alarming rate.

Brian Krebs, writing in his WaPo Security Fix blog, notes that the number of infected machines has risen from 100,000 to 400,000 in the last three months alone. Brian quotes one of the SANS incident handlers who attributes the rise to increased SQL injections that have seeded browser exploits within compromised websites.

In the past, botnets reported into centralized command & control servers, so once they were identified, it was relatively easy to block their IP addresses so no one on your network could get to them. Recent advances by the crooks have led to a more website-controlled infrastructure, so any communication between the bots and their command & control sites looks like ordinary web traffic - much harder to pinpoint and manage.

It used to be that you had to go to suspect sites, like porn, file sharing, free software offers, etc., to get infected, but today, even mainstream sites with poor architecture and coding practices are falling victim to SQL injection attacks.

My advice is the same as always...patch your machines in a timely manner, run both antivirus and anti-spyware apps, use a browser other than Internet Explorer, and get off of the Windows platform if you can.

Who knows...you may already be compromised and reading this on an infected robot machine.

No comments:

Post a Comment

Please tell me what you think.