009
online for as low as $500, and their attacks cost businesses
millions of dollars. The bot problem has become a big issue.
Botnets are Everywhere,
but How Critical is the Situation?
It is estimated that up to one quarter of all personal
computers connected to the Internet may be part of a
botnet
12
. Our recent research shows that in 63% of the
organizations at least one bot has been detected. Most
organizations are infected by a variety of bots.
How Botnets Work
A botnet typically has a number of computers that have
been infected with malicious software that establishes a
network connection with a control system or systems,
known as Command & Control servers. When a bot
OF THE ORGANIZATIONS
IN OUR RESEARCH ARE
INFECTED WITH BOTS
63
%
Number of Hosts Infected with Bots
(% of Organizations)
48
%
1-3 hosts
18
%
4-6 hosts
10
%
7-9 hosts
18
%
10-21 hosts
6
%
More than 21 hosts
infects a computer, it takes control of the computer and
neutralizes the Anti-Virus defenses. Bots are difficult to
detect because they hide within a computer and change
the way they appear to Anti-Virus software. The bot
then connects to the Command & Control (C&C)
center for instructions from the cyber criminals. Many
communication protocols are used for these connections,
S
p
a
m
,
V
i
r
u
s
,
D
D
o
S
Criminal
“Bot Herder”
Bot
Command
& Control
Computers
on the
internet
Chart 2-A
Source: Check Point Software Technologies