How botnets, hacking kits and weak apps aid cybercrooks

From: http://content.usatoday.com/communities/technologylive/post/2010/04/how-botnets-hacking-kits-and-weak-apps-aid-cybercrooks/1

Criminal-controlled botnets are becoming more resilient and powerful than ever. It's easier than ever for even low-skilled hackers to supply botnets with freshly infected PCs by using user-friendly virus tool kits, and many of them are using these tool kits to spread infections on weakly protected webpages put up by legitimate corporations, sayreports issued this week by Symantec's MessageLabs division, Microsoft, M86 Security, WhiteHat Security and Imperva.

The MessageLabs report and Microsoft report both show that even when the good guys manage to shut down large swarms of infected, spam-spewing PCs, the bad guys "quickly recover and continue to send malicious content almost uninterrupted," says Paul Wood, MessageLabs Intelligence senior analyst.

Rustock, the largest and most powerful botnet, controls between 1.6 million to 2.4 million infected PCs, and it has increased spam output by 300% in recent months, says Wood.

The M86 report details how hacker tool kits are becoming more refined, and more widely promoted. M86 has counted more than a dozen new kits being marketed on the Internet in the past six months. Most of these kits are in Russian, such as Adpack and Fragus, perhaps indicating the location of buyers, says Bradley Anstis, VP of Technology Strategy for M86 Security.

Meanwhile, the Ponemon Institute recently surveyed 627 IT pros at more than 400 multinational enterprises and government organizations as part of a study sponsored by WhiteHat Security and Imperva. The survey shows more than 55% of in-house developers assigned to write custom Web apps are are too busy to respond to security issues, while 74% of the survey respondents reported that their organization did not have a dedicated security team.

"Botnets are PCs that have been infected with malware. Malware predominantly spreads by exploiting unpatched Web browsers which people use to visit legitimate, yet infected websites," says Jeremiah Grossman, CTO of WhiteHat Security.

Websites, in turn, are getting infected by low-skilled hackers using purchased toolkits capable of searching out webpages ripe forSQL injection attacksthat crack into the database layer of weakly-protected websites. Click on a tainted webpage and you won't notice anything. But your PC gets turned into an obedient "bot," and for good measure, all of your account logons routinely get stolen.

"Welcome to the cat and mouse game," says Antsis. "Every time an infected bot gets remediated or a botnet gets taken down, the blackhats develop new ways to get around that."