Hackers have hit back against major security patches issued by the likes of Microsoft, with a marked rise in self-installing robot programs that allow an unauthorised user to control a computer remotely.

In a report on robot program (‘bot’) activity for the period January 1 to June 30 2005, Internet security vendor Symantec found an average of 10,352 bots online per day.

This compared with an average of 5,000 bots per day around December 2004.

Bot networks are compromised computers on which attackers have installed software that listens for and responds to commands — commonly over a chat channel — allowing remote control of the computers.

The rise in bot activity follows the release of Microsoft’s Service Pack 2 in August 2004, a free download issued by the vendor to combat a range of security exploits. Prior to its release, 30,000 bots per day had been recorded in July 2004.

The 2005 rise was a sign that hackers and malicious users were fighting back against vendor patching, according to the report.

“It is likely that bot network owners have been required to modify their attack methods in order to maintain viability in the face of these changes,” the report said.

Coinciding with the rise in bots, the report found denial of service (DoS) attacks jumped by 680 percent in the same period, to an average of 927 per day. Bot networks are commonly used to execute DoS attacks.

“This increase in DoS activity is largely due to the corresponding increase in bot network activity. It may be related, at least in part, to financial motivation, as DoS attacks have been reported in extortion attempts,” the report said.

Symantec also found such bot networks were available for hire. The report detailed an example from a chat service, whereby a bot network owner advertised the size, capacity and price of the network he was offerring. Customised bot binary code was available for between US$200 and US$300.

“These communications indicate that it is not uncommon for those who maintain control of these bot networks to provide full or partial access to the compromised systems for a fee,”

The report was compiled via 24,000 sensors monitoring network activity in over 180 countries.

Explore More

Dyne’s Hackers List v1.10

0x01 – Definitions: Hacker vs Cracker The New Hacker’s Dictionary defines Hacker as: “A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as

Critical XSS Vulnerability in Thanyawzin – Myanmar Online Friends Community http://www.thanyawzin.com/

PlanetCreator has reported another Critical XSS Vulnerability in Thanyawzin – Myanmar Online Friends Community http://www.thanyawzin.com/ Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications

Critical SQL Injection in Myanmar Teleport – Myanmar Internet Service Provider (formerly known as BaganNet)

PlanetCreator has reported another critical SQL Injection (vulnerability) on Myanmar Teleport – Myanmar Internet Service Provider (formerly known as BaganNet) http://www.myantel.net.mm/ SQL injection is a code injection technique that exploits