More and more people are becoming aware of Botnets and the problems they can cause.  What used to be an esoteric technical subject has entered the common vernacular, and well it should. A recent Computer World article goes into a great deal of the technical aspects. I will not attempt to do the same here, so check out the article if you’re unfamiliar with the topic.

The size and complexity of these zombie computer networks is staggering. Many have over a million personal computers as “members.” Obviously the vast majority of these have been incorporated without the knowledge or consent of the owners. They are used by their handlers (BotHerders) to do everything from spam distribution, to malware spreading, to actual attacks.

Botnets can develop in several ways:

  • You can write your own code for a unique network;
  • You can buy an existing package, and customize it for your use;
  • You can contract with a criminal enterprise, and they will either “rent” you their Bot, or they will customize one for you; or
  • You can simply buy a “kit” and go into business for yourself.

As you can see, while some routes require a lot of tech sophistication, others require next to none. The two individuals who worked the Mariposa BotNet out of Spain turned out to have fairly low level skills. They obtained the software and used it effectively. To paraphrase one commentator, “I can write papers using Word, but that doesn’t mean I can write the code to develop a word processing program.”

The bottom line is this: you must be aware that Bots are out there, and they “want” your computer. Good cyber hygiene (staying away from bad sites, not opening unknown attachments or e-mails, patching quickly and correctly, etc.) will not guarantee you will be safe, but poor hygiene will pretty much guarantee that you will become a zombie for some one.

Learn all you can, be smart, and hope we find a way to fight this growing scourge.

Dr. Steven Bucci is director of the Allison Center for Foreign Policy Studies at The Heritage Foundation. He was previously a lead consultant to IBM on cyber security policy. Bucci’s military and government service make him a recognized expert in the interagency process and defense of U.S. interests, particularly with regard to critical infrastructure and what he calls the productive interplay of government and the private sector. Read More