By Laura Yecies
In mid-November, botnet herders and spammers took a major hit when San Jose, Calif.-based ISP McColo was shut down by its upstream ISP after it was reported to be acting as a host and conduit for cybercrooks. The effect on global spam numbers was immediate and significant, with some estimates claiming a drop of 60% or more.
Less understood was the effect on the distribution of other malware and child pornography, but regardless, it was a victory for the good guys.
But it was short-lived. Within a matter of days, the hackers behind the botnets managed to relocate to ISPs overseas and re-activate the networks of zombie PCs.
So while McColo might be out of McLuck, the crooks barely skipped a beat.
What’s the answer? If the Internet is going to stay true to its origins, a mish-mash of various independent networks all inter-connected, there may not be an easy one. ISPs are under the domain of local governments, and in many countries the government either couldn’t care less or may even be complicit thanks to rampant corruption or bribery. All cybercrooks need is a place to host their activities and connect to the Net.
And some overseas ISPs are proving all too willing to provide them a home.
Like other types of crime, I don’t think it works to only stop the criminal. Certainly, we want to pursue these guys to the ends of the earth, and I cheered the McColo shutdown. But even if you succeed in shutting down one crook, someone else will take their place. The only way to reduce cybercrime is to significantly reduce the opportunity.
That means more secure code, better proliferation of security software, and better education to help prevent people from turning into a zombie.
A little more about what McColo meant to you:
Botnets are groups of individual PCs (maybe yours) controlled by a remote hacker. People who have zombie PCs were at some point compromised by malware that infected their PC and enabled a hacker to gain full control, in many cases unbeknownst to the owner. Sometimes, the only symptom may be a sluggish PC or processing activity when you’re not doing anything.
Hackers steal the bandwidth (i.e., your connection to your ISP) of these networks of zombie bots to send out millions of spam messages that cannot be tracked back to the sender (they’re hiding because of the CAN-SPAM laws). They’ll also use your PC to host illegal pornography to avoid getting caught (and yes, the cops could show up at your door, and it’s not easy to explain how it got on your PC when you maybe didn’t even know it was there!). Additionally, hackers will use your PC to send out more malicious software in order to add even more victims to the network.
When McColo got shut down, if you were part of one of the botnets being hosted through them, your PC would have been freed, albeit temporarily.
How to avoid becoming a bot? Besides the normal proactive measures we advocate here, be aware. If your PC starts acting up, don’t blow it off. Run a security scan ASAP. If you are a bot, security software can remove the malware and give you back control of your PC.
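One concrete way to "be aware" of the spam-sending behaviour described above is to watch a PC's outbound connections. A normal home machine sends mail through one or two relays belonging to its ISP or mail provider; a spam bot instead opens direct connections to port 25 on dozens of different remote mail servers in a short time. The following Python script is an added example, not code from the original post or from any vendor; it parses a few constructed flow-log lines (the log format, the IP addresses and the detection threshold are all assumptions made up for this illustration) and flags any source host that talks to at least five distinct port-25 destinations within a one-minute window.

```python
"""Flag hosts that look like spam bots from outbound connection logs.

Added example (not from the original post). Assumption: a home PC sends
mail through a handful of relays only, so many direct connections to
port 25 on distinct remote hosts in a short window is a strong indicator
that the machine has been recruited into a spam botnet.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (assumed format, made up for this example):
#   <ISO timestamp> <src_ip> <dst_ip> <dst_port> <bytes>
# 192.168.1.20 fans out to six different mail servers in six seconds,
# 192.168.1.30 talks to a single relay a few times (normal mail client),
# 192.168.1.40 only does HTTPS.
SAMPLE_LOG = """\
2008-11-12T09:00:01 192.168.1.20 203.0.113.10 25 840
2008-11-12T09:00:02 192.168.1.20 203.0.113.11 25 812
2008-11-12T09:00:03 192.168.1.20 203.0.113.12 25 855
2008-11-12T09:00:04 192.168.1.20 203.0.113.13 25 833
2008-11-12T09:00:05 192.168.1.20 203.0.113.14 25 801
2008-11-12T09:00:06 192.168.1.20 203.0.113.15 25 847
2008-11-12T09:00:07 192.168.1.20 203.0.113.10 25 839
2008-11-12T09:00:10 192.168.1.30 198.51.100.5 25 4120
2008-11-12T09:03:30 192.168.1.30 198.51.100.5 25 2210
2008-11-12T09:05:12 192.168.1.30 198.51.100.5 25 3980
2008-11-12T09:00:11 192.168.1.40 198.51.100.80 443 15230
2008-11-12T09:00:12 192.168.1.40 198.51.100.81 443 9031
"""


def parse_line(line):
    """Split one log line into (timestamp, src_ip, dst_ip, dst_port, bytes)."""
    ts, src, dst, port, nbytes = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port), int(nbytes)


def find_spam_bots(log_text, window=timedelta(seconds=60), threshold=5, port=25):
    """Return {src_ip: max distinct SMTP destinations seen in any window}.

    Only hosts whose peak distinct-destination count reaches `threshold`
    are included. The threshold and window are assumed tuning values.
    """
    events = defaultdict(list)          # src_ip -> [(timestamp, dst_ip), ...]
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, _ = parse_line(line)
        if dport == port:
            events[src].append((ts, dst))

    flagged = {}
    for src, conns in events.items():
        conns.sort()                    # order by timestamp
        best, start = 0, 0
        # Sliding window over the sorted connections: advance `start`
        # until the window spans at most `window` seconds, then count
        # how many different destinations fall inside it.
        for end in range(len(conns)):
            while conns[end][0] - conns[start][0] > window:
                start += 1
            distinct = len({dst for _, dst in conns[start:end + 1]})
            best = max(best, distinct)
        if best >= threshold:
            flagged[src] = best
    return flagged


if __name__ == "__main__":
    for host, count in find_spam_bots(SAMPLE_LOG).items():
        print(f"{host}: {count} distinct SMTP destinations in 60s - likely spam bot")
```

Run against the sample it reports only 192.168.1.20. Only the fan-out to distinct destinations is counted, so a legitimate client sending several large messages through one relay (192.168.1.30) is not flagged; raising or lowering `threshold` and `window` is how you would tune it for a real network's baseline. The same logic applies to any flow or firewall log that records destination port, which is the data a home router or host firewall already has.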