Beware the invasion of the automated software ’bots
Just when you think Internet bad guys couldn't get any worse, we've been seeing a huge increase in the number of automated software programs, called agents, or 'bots (short for robots). No, we're not talking about robots from the silver screen, benevolent beings like R2D2, and Terminators 2 and 3. Instead, we're talking about some truly evildoers on the 'Net.
Previously only existent in the minds of conspiracy theorists, 'bots have been around for a few years now. Many 'bots are, in fact, built with good intent.
For example, 'bots are used to collect information for search engines. Popular commercial 'bots allow folks to optimize their use of eBay and find bargains just before expiration, among other things. 'Bots are sometimes used as moderators in chat rooms or on message boards, to detect profanity or other undesirable conversation and take action, such as warning or penalizing offenders or deleting or modifying the content.
'Bots are also used to play games over the Internet. Ever wonder why so many folks are available to play your favorite on-line game of choice? Sure, most of the time it's real people out there, but if it's slow, and you have to pay to play, the game administrator simply fires up a couple of 'bots and collects your money. Many on-line poker players believe that online casino's use 'bots to sneak peeks at the player's hand and bet accordingly. We don't necessarily believe that's the case -- after all, Vegas casinos make way more money playing the odds as opposed to cheating their customers. But hey, if you think playing poker online is a good idea, believe whatever you want!
Typically, though, 'bots are used for all kinds of nefarious schemes. Usually, these nasty types of 'bots infect unsuspecting PCs all over the 'Net, much like viruses or spyware. This allows the 'bot controller to wreak all kinds of havoc.
For example 'bots are used to coordinate "denial of service" attacks to overwhelm a company's network. 'Bots can also collect sensitive information such as passwords, credit card numbers, and social security numbers from unknowing users.
Many times, 'bots are also used to emulate real users on the Internet. This allows crooks to manipulate all kinds of information on the web. For example a "click fraud" 'bot will pretend to repeatedly click on an ad, thereby generating higher fees to advertisers who pay on a "per-click" basis. Similarly, 'bots can fake an increase in the popularity of books, articles, stocks, or even political candidates. Finally, of course, 'bots can spawn new 'bots.
'Bots have become so popular that criminals are starting to rent out their use. Evidence suggests that the going rate for 'bot infected PCs are 10 to 25 cents per machine.
What can you do to avoid being compromised by a 'bot? By employing the same set of tools you use to avoid other threats. This includes firewalls, anti-virus and anti-spam software, and of course good old common sense.
John Agsalud is president of ISDI Technologies Inc., a Honolulu-based IT consultancy. Call him at 944-8742 or e-mail
jagsalud@isdi-hi.com.