November 6, 2008
Zombie PCs: ‘Time to infection is less than five minutes’
October 21st, 2008
Lock up your Windows and children!
In what sounds like the plot of 28 Days Later (computer “rage,” anyone?), the Times reports that botnets are alive and strong, according to shadowserver.org, a site that tracks such things:
“The mean time to infection is less than five minutes,” said Richie Lai, who is part of Microsoft’s Internet Safety Enforcement Team, a group of about 20 researchers and investigators. The team is tackling a menace that in the last five years has grown from a computer hacker pastime to a dark business that is threatening the commercial viability of the Internet.
Great Scott! The simple reality of these bots is terrifying to the security-minded: Any computer connected to the Internet can be vulnerable. Botnet attacks can come with their own antivirus software, permitting the programs to take over a computer and then effectively remove other malware competitors.
According to the article, Microsoft investigators “were amazed recently to find a botnet that turned on the Microsoft Windows Update feature after taking over a computer, to defend its host from an invasion of competing infections.”
Good lord. What’s more, botnets have evolved quickly to make detection more difficult, recently using “fast-flux,” a technique that generates a rapidly changing set of Internet addresses to make the botnet more difficult to locate and disrupt.
Yikes. So what’s a user to do?
First, take Microsoft’s Malicious Software Removal Tool out for a ride. Then make sure your firewall is up and you’re up to date with all security patches.
Then pray. Because these zombies are hard to find, much less kill. Just last week, Secunia, a computer security firm, tested a dozen leading PC security suites and found that the best one detected only 64 out of 300 software vulnerabilities.
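For defenders who keep DNS resolver logs, the “fast-flux” behaviour mentioned above (a rapidly changing set of addresses behind one name) can be looked for directly. The sketch below is an added example, not from the Times article or any vendor tool. The log tuple layout, the thresholds, the short-TTL and multiple-network criteria, and all names and addresses are assumptions constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_network

# Assumed thresholds for illustration; tune them against your own resolver logs.
WINDOW = 3600      # seconds of observation considered together
MIN_IPS = 5        # distinct addresses seen inside one window
MIN_NETS = 3       # distinct /24 networks those addresses fall in
MAX_TTL = 300      # highest record TTL (seconds) still considered "short"

# Constructed passive-DNS sample: (unix_time, domain, answer_ip, ttl).
# Names and addresses come from reserved documentation ranges, not real indicators.
IPS = ["192.0.2.10", "198.51.100.23", "203.0.113.77",
       "192.0.2.200", "198.51.100.150", "203.0.113.5"]
SAMPLE = (
    # ordinary site: one address change, long TTL
    [(t, "www.example.com", ip, 3600) for t, ip in
     [(0, "192.0.2.10"), (1800, "192.0.2.10"), (3600, "192.0.2.11")]]
    # load-balanced pool: many addresses, short TTL, but a single network
    + [(i * 60, "pool.example.org", f"198.51.100.{i + 1}", 60) for i in range(6)]
    # slow migration: same spread of addresses, but one change every two hours
    + [(i * 7200, "moved.example.org", ip, 300) for i, ip in enumerate(IPS)]
    # fast-flux pattern: a new address every five minutes across three networks
    + [(i * 300, "flux.example.net", ip, 120) for i, ip in enumerate(IPS)]
)

def find_fast_flux(observations):
    """Return {domain: (ips, nets, max_ttl)} for the first window that trips all thresholds."""
    by_domain = defaultdict(list)
    for ts, domain, ip, ttl in observations:
        by_domain[domain.lower().rstrip(".")].append((ts, ip, ttl))
    flagged = {}
    for domain, recs in by_domain.items():
        recs.sort()
        start = 0
        for end in range(len(recs)):
            while recs[end][0] - recs[start][0] > WINDOW:
                start += 1          # slide the window forward in time
            win = recs[start:end + 1]
            ips = {ip for _, ip, _ in win}
            nets = {ip_network(f"{ip}/24", strict=False) for ip in ips}
            max_ttl = max(ttl for _, _, ttl in win)
            if len(ips) >= MIN_IPS and len(nets) >= MIN_NETS and max_ttl <= MAX_TTL:
                flagged[domain] = (len(ips), len(nets), max_ttl)
                break
    return flagged

if __name__ == "__main__":
    for name, stats in find_fast_flux(SAMPLE).items():
        print(name, "ips=%d nets=%d max_ttl=%d" % stats)
```

Large content-delivery networks can trip the same thresholds, so treat a hit as a lead to investigate and keep an allow-list of known providers.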