Written by McAfee researchers Ken Baylor and Chris Brown, the whitepaper examines the growing problem of botnets through the lens of experience gained while protecting an unnamed Central American country.
Botnets had repeatedly attacked the county's national telecommunications company, bringing its infrastructure to its knees.
Baylor and Brown warned that this is a good example of the destructive power that unrestricted botnets can harness.
"A botnet of one million bots, with a conservative 128 Kbps broadband upload speed per infected bot, can wield a powerful 128 gigabits of traffic," the paper reported. "This is enough to take most of the Fortune 500 companies (and several countries) offlline using DDoS attacks. If several large botnets are allowed to join together, they could threaten the national infrastructure of most countries."
Also known as zombies or drones, bots are computers controlled remotely by unauthorised users without the system owner's knowledge or permission. McAfee Avert Labs estimates that more than 70 percent of spam is sent from bot networks.
In the newly released whitepaper, McAfee suggests that using intrusion prevention systems (IPS) to fight botnets may be the best approach. McAfee researchers believe that simple string-based detection is not sufficient to do the job.
"Things are looking fairly grim as the rise in the number of variants of IRC bots has grown by leaps and bounds over the last couple of years," wrote Allysa Myers on McAfee's Avert Labs blog. "Strictly using string-based detection against the unending tide certainly appears to be a lost cause."
Myers believes that, in addition to better cooperation between security companies and ISPs to shut down botnet controllers, there needs to be a paradigm shift in security strategy to only allowing known traffic rather than blocking known malicious traffic.
Click here to email Ericka Chickowski.
McAfee warns botnets could threaten infrastructure
By Ericka Chickowski on Oct 24, 2006 6:20PM