Botnets use Windows for wicked work

Dan Ilet ZDNet.co.uk

Published: 16 Mar 2005 17:15 GMT

Despite Microsoft's renewed focus on security, the latest research shows that computers running Microsoft Windows XP and 2000 form the bulk of networks of compromised computers, commonly called botnets.

The study, carried out by the German Honeynet Project, found that more than 80 percent of Web traffic from botnets used four ports designated for resource sharing by various versions of Windows. The research also found that the vulnerabilities behind some of the exploits used to take over a PC can be found by searching for information on Microsoft's security bulletins.

The report stated: "Clearly most of the activity on the ports... is caused by systems with Windows XP (often running Service Pack 1), followed by systems with Windows 2000. Far behind, systems running Windows 2003 or Windows 95/98 follow."

Microsoft responded with an emailed press statement that said: "Creating malicious IT and data threats is a criminal offence that affects everybody. This type of criminal activity is usually driven by financial motive, and criminals often target the Microsoft platform and its applications because of its large installed base. This is however a serious cross-industry issue where no organisation is immune from the threat. Security is a top priority for Microsoft and it is committed to engineering platforms that are more secure and trusted."

The most exploited Windows ports found in the research were: port 445/TCP (used for file sharing); port 139/TCP (used to connect to file shares); port 137/UDP (used to find information on other computers); and port 135/TCP (used to execute code remotely).

Botnets are commonly used for denial-of-service (DoS) attacks, where a target computer is overloaded with data and falls over. They are also used for spamming, spreading malware, manipulating online polls and mass identity theft.

From the beginning of November 2004 until the end of January 2005, researchers saw 226 DoS attacks against 99 unique targets. They looked at 100 botnets in the four-month period and saw 226,585 unique IP addresses involved with at least one of the botnets monitored.
