Bots, Smaller and Wilier, Deepen Their Threat to Networks

IP network operators said bots—computers overtaken and controlled remotely to send out various attacks—have overtaken distributed denial of service (DDoS) attacks as the most harmful assaults on Internet backbones, according to a survey, released today by Arbor Networks, a Lexington, Mass. security software vendor and managed service provider.

ISPs ranked botnets and DDoS attacks as their top two concerns, respectively.

See Baseline’s slideshow on how to combat bot attacks

DDoS attacks are the biggest weapon in the botnet arsenal, the survey found: respondents said DDoS attacks were found in 71 percent of botnet incidents. And DDoS attacks have grown in scale to multi—gigabit attacks using tens of thousands of zombie computers, according to Arbor’s report. Zombie computers are computers whose security has been compromised.

“(ISPs) can’t mitigate those attacks themselves,” said Danny McPherson, Arbor’s chief technology officer. “That has changed the paradigm for service providers,” forcing network operators to work more closely with managed service providers to overcome the threats.

The survey, conducted between July 2006 and June 2007, found that the size of some attacks actually exceeded the rate of ISP’s network capacity. While most ISPs have upgraded their infrastructure to 10 gigabits per second, two specific attacks exceeded 20 Gbps.

The rise poses a particular threat to IP—based communications: only two in 10 network operators said they have tools to detect threats against Voice over Internet Protocol, and only about one in 10 have the capability to mitigate those attacks. The threat against domain—name systems is less severe, but still a concern. A little more than a third of respondents said they had tools to detect DNS threats; fewer said they could actively respond.

In June, following the arrest of three notorious “botherders,” the Federal Bureau of Investigation reported that it had identified more than one million zombie computers.