How SMBs Can Banish the Botnet

“On the Internet, nobody knows you’re a dog.”

This caption, which appeared under a New Yorker cartoon in 1993, has since been reproduced and has spawned more memes than any other cartoon caption in the magazine’s history. The cartoon shows two canines logging onto the internet from what is probably their master’s computer, and it drives home the problem that the person who is on the receiving end of an internet message cannot verify who (or what) sent that message.

The expansion of the internet since 1993 has been accompanied by an exponential growth of this problem. Hackers and unscrupulous marketers have written automated programs, called “bots,” that propagate themselves through networks of computers, called “botnets,” in order to send spam email messages or malware to everyone whose email address happens to be stored in one of the computers that is on the botnet. In a more nefarious recent development, hackers have developed bots that launch distributed denial-of-service (“DDoS”) attacks, which flood a recipient’s servers with tens or hundreds of thousands of requests per second, overwhelming and shutting down the recipient system.

The owners and users of the computers that are co-opted to become part of a botnet typically have no idea that their computers are part of a network that is spawning malware and sending out automated messages to recipients on their mailing lists. Small- and medium-sized businesses (SMBs) are common targets for botnet hackers because SMBs typically have voluminous email address lists that can be plumbed to further propagate malicious bots.

Fortunately, SMBs have options to help them banish the bot and protect their networks and client email lists from hackers. Installing anti-malware software is a basic option, but this method is effective only if the software is kept up to date so that it screens out the latest bots that hackers have developed. Other options include:

  • CAPTCHA sign-ins. CAPTCHA sign-ins require website visitors to enter a code before they can log into a company’s website. A machine or a bot would presumably not be able to recognize and re-enter the code. Only human internet users, and not bots (or dogs), can get past a CAPTCHA screen. A business’s customers and clients may find a CAPTCHA screen bothersome, but newer forms of the CAPTCHA login are minimizing end-user objections.
  • Employee training and awareness. A company’s employees are often the weakest link in its defenses against bots. Employees should be trained to refrain from opening attachments in emails or on social media sites that come from unknown or anonymous sources and to limit or avoid using company devices to access the internet from unsecured public Wi-Fi hotspots.
  • Detecting and removing botnets. All companies can monitor their networks, among other things, to detect slow or irregular behavior, to determine whether multiple machines on the network are making DNS calls to the same location, and to record and evaluate traffic spikes and unusual patterns. Infected machines should be removed from the network immediately and cleaned, which may require deleting all information on them and restoring them with fresh software.
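One way to run the DNS check described in the last item, as an added example that is not part of the original article: the script reads a DNS query log and reports any name outside an expected baseline that several different machines looked up. The log format (modelled on dnsmasq query logs), the host names, the IP addresses and the baseline set are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the style of a dnsmasq query log (assumed format).
SAMPLE_LOG = """\
Mar  3 09:00:01 dnsmasq[812]: query[A] mail.corp.example from 10.0.0.11
Mar  3 09:00:02 dnsmasq[812]: query[A] updates.vendor.example from 10.0.0.12
Mar  3 09:00:05 dnsmasq[812]: query[A] x7f3.rendezvous.test from 10.0.0.11
Mar  3 09:00:06 dnsmasq[812]: query[A] x7f3.rendezvous.test from 10.0.0.14
Mar  3 09:00:09 dnsmasq[812]: query[AAAA] x7f3.rendezvous.test from 10.0.0.17
Mar  3 09:00:11 dnsmasq[812]: query[A] mail.corp.example from 10.0.0.14
Mar  3 09:00:12 dnsmasq[812]: query[A] mail.corp.example from 10.0.0.17
Mar  3 09:00:15 dnsmasq[812]: query[A] X7F3.rendezvous.test. from 10.0.0.11
Mar  3 09:00:20 dnsmasq[812]: reply mail.corp.example is 10.0.0.5
"""

# Names the business already expects its machines to look up (hypothetical baseline).
KNOWN_GOOD = {"mail.corp.example", "updates.vendor.example"}

# Captures the queried name and the client address from a query line.
QUERY_RE = re.compile(r"query\[\w+\]\s+(\S+)\s+from\s+(\S+)")


def shared_unknown_destinations(log_text, known_good, min_hosts=3):
    """Return {domain: sorted client IPs} for names outside the baseline
    that at least `min_hosts` distinct machines looked up."""
    clients = defaultdict(set)
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue  # replies and other non-query lines
        name, client = m.groups()
        name = name.rstrip(".").lower()  # DNS names are case-insensitive
        if name not in known_good:
            clients[name].add(client)  # a set counts each machine once
    return {d: sorted(c) for d, c in clients.items() if len(c) >= min_hosts}


if __name__ == "__main__":
    hits = shared_unknown_destinations(SAMPLE_LOG, KNOWN_GOOD)
    for domain, hosts in hits.items():
        print(f"{domain}: queried by {len(hosts)} machines -> {', '.join(hosts)}")
```

A name reported here is a lead for investigation rather than proof of infection; a newly adopted cloud service would show up the same way until it is added to the baseline.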

Failure to detect and remove bots can lead to dire consequences. For example, the Zeus bot virus (as well as scams and fake messages purporting to be Zeus virus removal tools) has periodically reared its head over the past five years as unwitting users have clicked on malware links. The virus then steals banking and financial information before propagating itself to other machines.

Even when a company does implement steps to banish the bots, some of those bots can slip through even the most rigorous filters and cause extreme problems for both the target company and the third parties whose information is compromised or whose own computers are recruited into the botnet from the infected company’s machines. Cyber risk insurance can help a company to recover its losses and to cover liabilities that flow from this scenario. A message recipient may never be able to determine if the sender of the message is a person, a bot or a dog, but cyber risk insurance can reduce the monetary losses that may be connected with that uncertainty.
