Botnets Threaten National Infrastructure and Security

Real world case outlines how botnets brought down infrastructure of Central American country

Botnets pose serious threats to corporations, government organizations, national infrastructure and homeland security, says McAfee, Inc. in a case study. The scope of this threat is underscored by recent events in Central America, where botnets repeatedly brought down the national infrastructure of a single country.

A bot is a software robot, also known as a zombie or drone, that allows an unauthorized user to remotely take control of a host computer without the victim's knowledge or permission. Infected computers can be used to launch distributed denial-of-service attacks, send spam and spyware, or commit cyber extortion. According to McAfee Avert Labs, more than 70 percent of spam e-mail is caused by botnets. The major problem with botnets occurs when they are used for attack purposes. For example, if several large botnet armies maliciously join together, they could threaten the national infrastructure of most countries.

A botnet of one million bots, with a conservative 128kbps broadband upload speed per infected bot, can wield a powerful 128 gigabits of traffic. This is enough to take most Fortune 500 companies offline using distributed denial-of-service attacks.

Earlier this year, a global telecommunications company with a business unit in Central America experienced several unusual problems including multiple network outages -- some lasting up to six hours -- which disrupted businesses and national connectivity, and took automated teller machines offline for extended periods of time. A botnet-based distributed denial-of-service attack had crippled the country's infrastructure. In order to address the threat and bring the network back online, McAfee's IntruShield Network Intrusion Prevention System appliances were deployed.

"Botnets can result in country-wide outages and disruptions," said Eric Winsborrow, vice president of product marketing at McAfee, Inc. "Fortunately, we were able to deploy a proactive network IPS solution to counter the flood of botnet attacks, which led to an immediate resolution of symptoms and a subsequent 95 percent decrease in botnet traffic."

Intrusion prevention -- a preemptive approach to network security -- can identify, alert and block attacks against network infrastructure, systems and end-points in real-time. McAfee addressed the threat of botnets by identifying them as a distinctive category of attack and proactively blocking their communication and installation.

Robert Rodriguez, who spent over 22 years as a special agent with the United States Secret Service, believes botnets are a serious threat to governments and enterprises. "The recent growth of botnets poses perhaps the greatest security threat to individuals and nations," said Rodriguez, principal, Rodriguez & Associates LLP. "Botnets are a major threat and a powerful weapon of cyber-criminals. Proper procedures and policies, along with cooperation from law enforcement, will mitigate risk to the infrastructures of enterprises and governments."

Network intrusion prevention systems are a key component of an organization's network security and risk management strategy, and are advocated as best practice by leading experts, analysts, agencies and organizations.
