Hackers have hit back against major security patches issued by the likes of Microsoft, with a marked rise in self-installing robot programs that allow an unauthorised user to control a computer remotely.

In a report on robot program (‘bot’) activity for the period January 1 to June 30 2005, Internet security vendor Symantec found an average of 10,352 bots online per day.

This compared with an average of 5,000 bots per day around December 2004.

Bot networks are compromised computers on which attackers have installed software that listens for and responds to commands — commonly over a chat channel — allowing remote control of the computers.

The rise in bot activity follows the release of Microsoft’s Service Pack 2 in August 2004, a free download issued by the vendor to combat a range of security exploits. Prior to its release, 30,000 bots per day had been recorded in July 2004.

The 2005 rise was a sign that hackers and malicious users were fighting back against vendor patching, according to the report.

“It is likely that bot network owners have been required to modify their attack methods in order to maintain viability in the face of these changes,” the report said.

Coinciding with the rise in bots, the report found denial of service (DoS) attacks jumped by 680 percent in the same period, to an average of 927 per day. Bot networks are commonly used to execute DoS attacks.

“This increase in DoS activity is largely due to the corresponding increase in bot network activity. It may be related, at least in part, to financial motivation, as DoS attacks have been reported in extortion attempts,” the report said.

Symantec also found such bot networks were available for hire. The report detailed an example from a chat service, whereby a bot network owner advertised the size, capacity and price of the network he was offerring. Customised bot binary code was available for between US$200 and US$300.

“These communications indicate that it is not uncommon for those who maintain control of these bot networks to provide full or partial access to the compromised systems for a fee,”

The report was compiled via 24,000 sensors monitoring network activity in over 180 countries.

Explore More

FBI Fears Chinese Hackers and/or Government Agents Have Back Door Into US Government & Military Computer Networks

ome months ago, my contacts in the defense industry had alerted me to a startling development that has escalated to the point of near-panick in nearly all corners of Government

Read More

Invisible Browsing v6.5

Invisible Browsing v6.5 Info: Invisible Browsing will hide, change or mask your IP address, letting you surf anonymously preventing your IP or other information to be collected without your permission.

Read More

How does a cross site scripting (XSS) attack work?

A cross site scripting attack works in the following manner: * The attacker identifies a web site that has one or more XSS bugs for example, a web site that

Read More