The mobile device has become a common part of modern life. Their convenience and features have made us more mobile device productive and available. The projected growth of the global mobile device market in the near term is estimated at around thirty percent annually, driven by new markets, cost reductions, and new functions and features. The growth, features and the use of mobile devices combined make them a target of cyber attackers. Mobile device ‘botnets’ are beginning to appear and their threat will increase for the foreseeable future.
What is a botnet? A botnet refers to a collection of compromised computers that are connected to the Internet and are under the remote control by individuals other than the owner of the computer. A computer or "bot" serves the wishes of the bot master. These wishes can include the massive distribution of spam, viruses, worms or the generation of traffic used in a distributed denial of service attack (DDoS). Botnets currently pose the biggest threat to organizations connected to the Internet. This is evidenced by the fact that nearly 15 percent of all computers online have been compromised and are bots. This number grew 50 percent from last year according to the Georgia Tech Information Security Center (GTISC).
Originally limited to computers, mobile devices, primarily cell phones, are now becoming unwilling participants in botnets. For several years, security experts have demonstrated the ability to remotely compromise cell phones. The current generation of phones possess more application functionality than ever before and faster 3G networks to connect to. When cell phones are used in a cyber attack, they can deliver a two-for-one punch. On the cellular network, they generate malicious traffic in a DDoS attack as well as significant cell traffic leading to network congestion and disruption. On an IP network they can act just like their desktop and laptop “big brothers” emitting massive amounts of IP traffic.
Bots can be created in a variety of ways. A few of the more common methods include Trojans, emails, unauthorized instant message clients or by visiting an infected website. Once the bot has been installed, it avoids detection while awaiting instructions from the bot master. The process of stealing computing resources as a result of a system being joined to a botnet is sometimes referred to as "scrumping."
Newer bots can automatically scan their environment and propagate themselves using vulnerabilities and weak passwords. Generally, the more vulnerabilities a bot can propagate through, the more valuable it becomes to the bot master and bot controller community.
Content Contributor:
Technolytics is a security research and intelligence provider and
Solutionary's partner.
November, 2010
