Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


07:40 AM
Connect Directly

When Bots Don't Care - Or Don't Know Enough to

Misguided apathy among consumers could be contributing to botnet proliferation

Each day, millions of machines around the world innocently send billions of spam emails and launch distributed denial-of-service attacks against other victims -- and most owners of these infected machines are unaware that their desktop computer or laptop is under the control of cybercriminals. But security experts worry that increasingly, users who do have a clue that their machine is infected with some sort of malware either just aren’t motivated to do something about it or don’t know what to do. (See New Massive Botnet Twice the Size of Storm and SecureWorks Unveils Research on Spamming Botnets.)

Many consumers don’t make the connection between their slowed-down laptop or extra bandwidth usage and how this could be a result of their machine helping execute a cyber attack against another user, company, or even another country. “The savvier users out there are aware of the problem,” says Ashar Aziz, CEO of botnet security firm FireEye. “But from the perspective [of most users], if performance affects them... that’s what they care about.”

Some consider a potential infection no big deal as long as their computer is working and getting them onto the Web. And many incorrectly assume that they don’t have any valuable data a hacker would want, anyway. “The majority of [consumers] are unaware that security plays a role in preventing online crime,” says Lucia Mikasa, senior director of marketing at Narus. “We’re so exposed to it that we assume everyone knew that.”

This misguided apathy could be a combination of factors, according to botnet experts. Consumers still don’t have the techno-savvy to grasp just what a botnet can do nor how to detect that their machine is a new recruit, and they just don’t consider bot-jacking being akin to their car getting stolen and used in a bank heist.

Botnet is still not a mainstream term, which is a big part of the problem. A recent survey conducted by the National Cybersecurity Alliance found that 71 percent of users have never heard of a botnet, while about 29 percent are “aware” of botnets. While 53 percent said they believed it was possible for a hacker to use their computer to launch an attack on a person, a business, and on our country, 59 percent said it’s not at all likely that the security of their computer could affect homeland security. Over 20 percent said it was “somewhat likely.”

There’s plenty of uncertainty among users, too: Forty-six percent of consumers in the NCA survey said they are “not at all” sure what to do if they became a victim of cybercrime, and nearly 50 percent said they don’t know how to protect themselves from the bad guys. (NCA surveyed nearly 2,250 online consumers between the ages of 18 and 65 for the survey.)

The industry needs to do a better job of teaching consumers about the connection between botnets, spam, cybercrime -- and their personal machines, say experts, like Amy Barzdukas, senior director of Microsoft’s Windows Live OneCare service. “Your machine could be used as a staging ground for a raid” on other machines, says Barzdukas. “We need to do a much better job of educating users” about the fact that they can indirectly be part of the cybercrime equation.

Then there are those users who regularly scan for viruses and patch their machines, but still get infected as bots. They often assume that scanning and patching keep them immune from bot infections, but not so, many botnet experts say: Botnets are becoming stealthier in order to avoid detection and stay alive, so their malware is also getting harder and harder to detect, too. The old adage that a slowed-down machine is the first sign of bot infection doesn’t always apply: Some bot malware is more low-profile now and doesn’t eat up the resources that it used to.

“The value of a botnet is its threat and longevity. The game here now is how can you leverage resources on that [bot] machine and tap into it for as long as possible without raising a flag,” says Doug Camplejohn, founder and CEO of Mi5 Networks.

It may take a more in-your-face approach to educate users on what bot infections really do, many botnet experts say. As in, your laptop could be spamming Grandma’s desktop, or is actively trying to get you more spam.

“Until you can put this in real terms” consumers can really understand, it won’t hit home, says Randy Abrams, director of technical education for Eset. “They can use someone’s machine to host child porn, for example. And law enforcement may not be savvy enough to know that you didn’t download that porn yourself,” leading to unfair prosecution.

But don’t completely blame the bot-infected user: Their ISPs and security vendors also need to up the ante in the botnet war, experts say. “ISPs really need to step up and be able to provide some type of early warning... that a botnet is building up,” for example, says Supranamaya Ranjan, aka Dr. Soups, a senior member of the technical staff at Narus.

And meanwhile, while the European Union and Japan are creating legislation for ISPs and governments to help eliminate bots, the U.S. hasn’t been as aggressive with its ISPs, notes FireEye’s Aziz.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

  • FireEye Inc.
  • Narus Inc.
  • Microsoft Corp. (Nasdaq: MSFT)
  • ESET
  • Mi5 Networks Inc.

    Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    Mobile Banking Malware Up 50% in First Half of 2019
    Kelly Sheridan, Staff Editor, Dark Reading,  1/17/2020
    Exploits Released for As-Yet Unpatched Critical Citrix Flaw
    Jai Vijayan, Contributing Writer,  1/13/2020
    Microsoft to Officially End Support for Windows 7, Server 2008
    Kelly Sheridan, Staff Editor, Dark Reading,  1/13/2020
    Register for Dark Reading Newsletters
    White Papers
    Cartoon Contest
    Write a Caption, Win a Starbucks Card! Click Here
    Latest Comment: This comment is waiting for review by our moderators.
    Current Issue
    The Year in Security: 2019
    This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
    Flash Poll
    [Just Released] How Enterprises are Attacking the Cybersecurity Problem
    [Just Released] How Enterprises are Attacking the Cybersecurity Problem
    Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    PUBLISHED: 2020-01-18
    A memory usage vulnerability exists in Trend Micro Password Manager 3.8 that could allow an attacker with access and permissions to the victim's memory processes to extract sensitive information.
    PUBLISHED: 2020-01-18
    A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allowing an attacker to misdirect a user to phishi...
    PUBLISHED: 2020-01-18
    An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start. An attacker must already have administr...
    PUBLISHED: 2020-01-18
    A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system.
    PUBLISHED: 2020-01-18
    An issue was discovered in Amcrest Web Server 2.520.AC00.18.R 2017-06-29 WEB The login page responds with JavaScript when one tries to authenticate. An attacker who changes the result parameter (to true) in this JavaScript code can bypass authentication and achieve limited privileges (...