Are your networks harboring botnets?

Dec. 6, 2010

We've done a lot of reporting here at SIW lately about IT security and how it's impacting businesses and governments. Of course, the threats are numerous and have varying degrees of impact.

Gone are the days when these threats only posed a minor nuisance to business operations. Indeed, the burgeoning industry of virus and malware writing is now a full-fledged criminal enterprise perpetrated with an ever-increasing level of sophistication.

"It's an entire industry. The malware is really very, very sophisticated," said Martin Lee, senior software engineer for Symantec Hosted Services. "Long gone are the days when people writing viruses were anti-social teenagers in a bedroom."

While a criminal may not care whose computers are infected with their botnets, Lee says the repercussions are obviously much greater for an enterprise than they are for a home user. One of the biggest threats botnets pose for enterprises is the potential blacklisting of e-mail. If a criminal gains access to e-mail accounts on an enterprise network and begins sending out spam, there is a great likelihood that the organization's IP address will be identified as a spam source and that legitimate e-mails that need to be received by clients and employees will not go through.

"When you have computers sending out spam, they are sending out spam from your network and sooner or later, the botnet is going to spam an industry honey pot and the external IP address of your network is going to get blacklisted," Lee said.

There are also costs associated with lost productivity of employees that come into play with a botnet infection.

"You are going to have an IT guy who is going to spend probably an hour or two hours doing this and you also have the person whose computer it is potentially sitting around twiddling their thumbs. So, you have a productivity loss associated with a botnet-infected computer," Lee explained.

For small-to-mid-sized businesses, Lee said that banking Trojans, malware designed to steal bank account information, have become a big problem. Whereas enterprise-class organizations usually have sophisticated banking systems in place, smaller companies can see their businesses ruined if hackers are able to gain access to their accounts.

"The pattern of activity that we have seen in the past is that the bad guys try and transfer out relatively small chunks of money, about $5,000 to $10,000 or so because it is underneath the money laundering and fraud detection levels of the bank," Lee said. "If there is one thing businesses need to be aware of, it is the dangers of banking Trojans."

Other online criminals have turned to outright extortion in their attempts to steal from businesses. Known as distributed denial-of-service or DDoS attacks, these schemes involve a hacker who informs a business that he or she will take its website down unless a ransom is paid. According to Lee, it is hard to actually quantify how large a problem DDoS attacks are, as many businesses are reluctant to reveal that they have faced such an attack in the past.

Lee said that it is more important than ever that businesses are diligent in their efforts to protect their computer systems. According to Lee, Symantec has been able to determine that as many as one in every 200 computers in North America and Europe is infected with a botnet. In fact, nine out of every 10 e-mails sent in the world are spam.

"Be aware of what it is that you are protecting and aware of the common threats that are out there looking to cause harm to those assets that you are trying to protect," advised Lee. "Based on that, have some form of information security policy and strategy... but just knowing what it is you are protecting, what you are protecting against and how you are going to protect yourself is very, very important. Against a botnet, you need to know that all of those desktop systems, all those laptops and all the computer systems that you've got have got desktop anti-virus (software) running on them and that that anti-virus system is kept up to date."

To learn more about botnets and the damage they can inflict on your business, listen to this conversation between SIW Editor-in-Chief Geoff Kohl and SecureWorks Director of Malware Analysis Joe Stewart in episode 56 of SIW Radio.