In a recent article published at Baseline Security, a number of large corporations were identified to be hosting bot-infected computers. Although this created some waves of surprise, it really shouldn’t have. Sure, bot network owners tend to target home users but it isn’t because home users are their preferred target; they’re just an easy target. Home users’ computers are limited in their malicious usefulness. They tend to have low bandwidth capabilities that limit their ability to send spam and carry out denial of service attacks. Also, they are often monitored and regulated by their Internet service providers.
Computers in large corporations, on the other hand, have a greater range of possibilities. These computers may be more difficult to compromise, assuming they are behind firewalls, protected by intrusion prevention systems, and regularly updated. However, with huge numbers of computers being used by a large and varied group of users, some networks and computers are bound to slip through the cracks of asset and software management. Because these computers have access to high bandwidth and often-unfiltered connections, the bot network community scoops them up quickly.
In the past, Symantec has seen evidence to support the idea that large corporations play host to bot network computers. The first clue is in weekly attack trends. Symantec has observed that attack activity is substantially higher during work hours, which would indicate that these attacks are being carried out from computers that are on during those hours. Furthermore, Symantec has also observed that at least 42% of all bot-infected computers that were identified in the last six months of 2006 were identified as being within corporations.
So what’s the solution? It is the same as ever. Network administrators and managers in large corporations need to work out solutions to manage their networks, keep their patches up to date, and keep their security software running at top capability. That is the best defense against compromise until software vendors can be counted on to produce secure software right out of the box.