September 8, 2009

Botnet profits, SQL Injection, and Realtime Keyloggers

I am often asked by clients about the economics of viruses, spyware, and botnets, so here are a couple articles that may help us all understand the financial incentives of getting malware onto computers:
This article provides a little insight into the world of botmasters. Cisco researchers managed to infiltrate this world by going undercover. These guys are not interested in identity theft – they just take over machines, organize them into botnets, and sell or rent these botnets to others. Some claim to be raking in $5000-10,000 per week and they acquire most of their machines through simple phishing scams. They only need 1 percent of recipients to open malicious attachments in order to build their botnets.
Only 20 percent of these botmasters even understand the code they are using to control these machines – you don’t have to be a computer genius to run a botnet. You can purchase the code fairly openly on the internet (that is another article).
You don’t have to be a genius to employ SQL injection attacks either. Again, the tools are readily available and you don’t have to know how they work to use them. According to this article, SQL injection attacks are the top attack technique on the web. Older versions of MS SQL are particularly susceptible. SQL injection works by simply injecting SQL commands into forms or other input areas. If the input is not checked and “sanitized” before it is passed on to the SQL engine, these commands can be executed to steal data. Some of the biggest data thefts in recent years were pulled off this way.
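To make the mechanism above concrete, here is an added example (not from the original post or the linked article) that uses Python's built-in sqlite3 module to show the same lookup written the vulnerable way and the hardened way. The table, rows, function names and form input are all constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, card TEXT)"
    )
    conn.executemany(
        "INSERT INTO customers (name, card) VALUES (?, ?)",
        [
            ("alice", "4111-XXXX-0001"),
            ("bob", "4111-XXXX-0002"),
            ("carol", "4111-XXXX-0003"),
        ],
    )
    return conn

def lookup_unsafe(conn, name):
    """Vulnerable: form input is pasted into the SQL text, so it is parsed as SQL."""
    query = "SELECT name, card FROM customers WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()

def lookup_safe(conn, name):
    """Hardened: the input is bound as a parameter and is only ever treated as data."""
    return conn.execute(
        "SELECT name, card FROM customers WHERE name = ?", (name,)
    ).fetchall()

# Constructed form input: the quote ends the string literal early, so the
# remainder is read by the SQL engine as part of the WHERE clause.
HOSTILE_INPUT = "nobody' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("unsafe, normal input :", lookup_unsafe(db, "alice"))
    print("unsafe, hostile input:", lookup_unsafe(db, HOSTILE_INPUT))
    print("safe,   hostile input:", lookup_safe(db, HOSTILE_INPUT))
```

With the concatenated query the constructed input returns every row in the table, while the parameterized query looks for a customer literally named that string and returns nothing.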
As the internet matures, “real time” communications become possible. This allows us to have phone conversations via VOIP, allows musicians to play together, and allows gamers to play with others in real time. As always, there are malicious uses as well. This article explains how hackers can use key loggers that send data in real time to bypass one-time password devices, which have always been one of the most effective security tools available. The key, of course, is to keep these keyloggers off of computers in the first place.
This has always been a battle of “ordnance vs. armor”, and that is not going to change. New security techniques spawn new attacks, which spawn new defenses. As business consultants, all we can do is try to stay on the cutting edge and make sure our clients are current with their defenses.
Dennis H in West Virginia, US
August 25, 2009
