Hackers return fire at security patches
In a report on robot program ('bot') activity for the period January 1 to June 30 2005, Internet security vendor Symantec found an average of 10,352 bots online per day.
This compared with an average of 5,000 bots per day around December 2004.
Bot networks are compromised computers on which attackers have installed software that listens for and responds to commands -- commonly over a chat channel -- allowing remote control of the computers.
The rise in bot activity follows the release of Microsoft's Service Pack 2 in August 2004, a free download issued by the vendor to combat a range of security exploits. Prior to its release, 30,000 bots per day had been recorded in July 2004.
The 2005 rise was a sign that hackers and malicious users were fighting back against vendor patching, according to the report.
"It is likely that bot network owners have been required to modify their attack methods in order to maintain viability in the face of these changes," the report said.
Coinciding with the rise in bots, the report found denial of service (DoS) attacks jumped by 680 percent in the same period, to an average of 927 per day. Bot networks are commonly used to execute DoS attacks.
"This increase in DoS activity is largely due to the corresponding increase in bot network activity. It may be related, at least in part, to financial motivation, as DoS attacks have been reported in extortion attempts," the report said.
Symantec also found such bot networks were available for hire. The report detailed an example from a chat service, whereby a bot network owner advertised the size, capacity and price of the network he was offerring. Customised bot binary code was available for between US$200 and US$300.
"These communications indicate that it is not uncommon for those who maintain control of these bot networks to provide full or partial access to the compromised systems for a fee," the report said. The report was compiled via 24,000 sensors monitoring network activity in over 180 countries.