
Botnets use Windows for wicked work

Botnet researchers have found that Microsoft Windows is the preferred vehicle for zombie armies
Written by Dan Ilett, Contributor

Despite Microsoft's renewed focus on security, the latest research shows that computers running Microsoft Windows XP and 2000 form the bulk of networks of compromised computers, commonly called botnets.

The study, carried out by the German Honeynet Project, found that more than 80 percent of Web traffic from botnets used four ports designated for resource sharing by various versions of Windows. The research also found that the vulnerabilities behind some of the exploits used to take over a PC can be found by searching for information on Microsoft's security bulletins.

The report stated: "Clearly most of the activity on the ports... is caused by systems with Windows XP (often running Service Pack 1), followed by systems with Windows 2000. Far behind, systems running Windows 2003 or Windows 95/98 follow."

Microsoft responded with an emailed press statement that said: "Creating malicious IT and data threats is a criminal offence that affects everybody. This type of criminal activity is usually driven by financial motive, and criminals often target the Microsoft platform and its applications because of its large installed base. This is however a serious cross-industry issue where no organisation is immune from the threat. Security is a top priority for Microsoft and it is committed to engineering platforms that are more secure and trusted."

The most exploited Windows ports found in the research were: port 445/TCP (used for file sharing); port 139/TCP (used to connect to file shares); port 137/UDP (used to find information on other computers); and 135/TCP (used to execute code remotely).

Botnets are commonly used for denial-of-service (DoS) attacks, where a target computer is overloaded with data and falls over. They are also used for spamming, spreading malware, manipulating online polls and mass identity theft.

From the beginning of November 2004 until the end of January 2005, researchers saw 226 DoS attacks against 99 unique targets. They looked at 100 botnets in the four-month period and saw 226,585 unique IP addresses involved with at least one of the botnets monitored.
