January 29, 2007 9:51 AM PST

Net pioneer predicts overwhelming botnet surge

Internet pioneer Vint Cerf has warned high-powered attendees at the World Economic Forum in Davos, Switzerland, that the Internet is at serious risk from botnets.

Vast networks of compromised PCs, used by criminals for sending spam and spyware and for launching denial-of-service attacks, are reported to be growing at an alarming rate in terms of their potential. Cerf, now an employee of Google, warned that they could undermine the future of the Internet and likened their spread to a pandemic.

Cerf predicted that a quarter of all PCs currently connected to the Internet--around 150 million-- could be infected by Trojans that covertly seize control of a computer and its broadband connection, handing control of both to criminals in remote locations.

According to Mark Sunner, chief security analyst at MessageLabs, Cerf's words of warning are far from scaremongering and the picture is at least as serious as Cerf paints it.

Sunner said that around the turn of the year security experts were watching one botnet, called Spam Thru, which not only had its own antivirus protection to clear other botnets off "its patch," but had the potential to be 10 times more productive than most other botnets while evading detection because of built-in defenses.

The most worrying thing about Spam Thru, he suspects, is that a major spike in traffic toward the end of 2006 was merely a testing of the waters and that much worse could be to come--particularly when other similarly sophisticated botnets appear online.

"With new levels of sophistication this has reached a real milestone," Sunner added. "Botnets are getting smaller, more stealthy and more discreet and yet the volumes of spam are going up.

"Without a hint of scaremongering, will this get a lot worse throughout 2007 in terms of botnet sending? Absolutely, yes."

Will Sturgeon of Silicon.com reported from London.

See more CNET content tagged:
Vint Cerf, trojan horse, security, PC

6 comments

Join the conversation!
Add your comment
It's not such a big deal, actually.
Even if a particular botnet operator can TAKE THE INTERNET DOWN for a few hours, they will not do this. Because the moment they do this everyone goes home with a CD that cleans off their machine from that crap and secures it REALLY WELL for the future. Instead, the smart botnet operator will keep using 1-2% of their full potential to stay low and still achieve their goals. Maybe sometimes increasing to 5%. Point is, securing against botnets is VERY EASY (automatic windows updates + NOD32orKAV) so those who have control over the stupid user's machine will want that user to remain unaware for as long as possible. Major breaking news telling ppl "your computer is likely infected" isn't going to serve his goal...
Posted by Fictia (32 comments )
Reply Link Flag
Maybe not an imminent big deal but still a threat
I agree that it is unlikely that this will be done by current botnet operator's but to me the key is the potential. I also agree that the majority or people infected are the uninformed, though I don't blame them as their are a lot of software prevention measures that could be more readily available that can clamp down on opening email files and when it is ok to open them that we are not currently using. However, I think the threat comes more from the use of this by people who may use the computers to do acts such as cyber-terrorism in co ordinance with regular attacks. I know it sounds a little conspiracy theory but it really is a possibility with bonnet communities able to shut down virtually any system when they use their full potential.
Posted by MD525 (22 comments )
Link Flag
It's not such a big deal, actually.
Even if a particular botnet operator can TAKE THE INTERNET DOWN for a few hours, they will not do this. Because the moment they do this everyone goes home with a CD that cleans off their machine from that crap and secures it REALLY WELL for the future. Instead, the smart botnet operator will keep using 1-2% of their full potential to stay low and still achieve their goals. Maybe sometimes increasing to 5%. Point is, securing against botnets is VERY EASY (automatic windows updates + NOD32orKAV) so those who have control over the stupid user's machine will want that user to remain unaware for as long as possible. Major breaking news telling ppl "your computer is likely infected" isn't going to serve his goal...
Posted by Fictia (32 comments )
Reply Link Flag
Maybe not an imminent big deal but still a threat
I agree that it is unlikely that this will be done by current botnet operator's but to me the key is the potential. I also agree that the majority or people infected are the uninformed, though I don't blame them as their are a lot of software prevention measures that could be more readily available that can clamp down on opening email files and when it is ok to open them that we are not currently using. However, I think the threat comes more from the use of this by people who may use the computers to do acts such as cyber-terrorism in co ordinance with regular attacks. I know it sounds a little conspiracy theory but it really is a possibility with bonnet communities able to shut down virtually any system when they use their full potential.
Posted by MD525 (22 comments )
Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.