Botnets: A Threat (And Opportunity) for Managed Services Providers?
Call it the silent small business killer. Many small businesses have so called botnets or zombie software lurking in the background on their notebooks, PCs and servers. Here’s how botnets work, and here’s how managed services providers can stamp out the problem.
Simply put, a botnet is a collection (network) of compromised machines, often referred to as “zombies.” The botnet can involve computers in a single company, or it can extend across millions of consumer and business systems. Some pundits estimate that botnets have infiltrated roughly one-quarter of all personal computers connected to the Internet.
Cyber criminals use these botnets in a few ways.
- One way is on a machine by machine basis. They collect data from the individual zombies by installing a key stroke logger or other malware in the background. They can then sell the collected information on the black market.
- The second way the botnets work is by sending spam, launch phishing attacks, or creating denial of service attacks.
For the cyber criminals, the goal often is to grow the botnet as big as possible, and to collect as much information as possible.
Most botnets are named after the software used to create it. One very popular piece of botnet software being used today is called “Zeus.” This software has been around for many years and over the past few years cyber criminals have written add-ons to this malware, customizing it to meet their needs.
To grow a botnet, the originator (known as the “bot herder”) will use several tactics such as drive-by downloads, exploiting web browser vulnerabilities, worms, Trojan horses, or even exploits in applications.
There are many ways to deal with Zeus and other botnets — including free botnet detection tools. But I wonder: Are you dealing with this problem today or do you have customers asking you for help?
TJ Alldridge is product marketing manager at Trend Micro. Guest blogs such as this one are part of MSPmentor’s annual platinum sponsorship.