On CNET: DJs - A club-worthy USB mixer
BNET Business Network:
BNET
TechRepublic
ZDNet
28 TalkBacks

By Dan Ilett, News.com
Posted on ZDNet News: Mar 16, 2005 6:32:00 PM

Despite Microsoft's renewed focus on security, recent research shows that computers running Windows XP and 2000 form the bulk of botnets.

The study, carried out by the German Honeynet Project, found that more than 80 percent of Web traffic from the networks of compromised computers used four ports designated for resource-sharing by various versions of Windows. The research also indicated that the vulnerabilities behind some of the exploits used to take over a PC can be found by searching for information on Microsoft's security bulletins.

"Clearly most of the activity on the ports...is caused by systems with Windows XP (often running Service Pack 1), followed by systems with Windows 2000. Far behind, systems running Windows 2003 or Windows 95/98 follow," Honeynet Project researchers wrote in the report.

Microsoft responded by reiterating its commitment to secure engineering platforms in the face of botnet attacks, which it said were often carried out for illegal ends.

"Creating malicious IT and data threats is a criminal offense that affects everybody. This type of criminal activity is usually driven by financial motive, and criminals often target the Microsoft platform and its applications because of its large installed base," the company said in an e-mailed statement. "This is however a serious cross-industry issue, where no organization is immune from the threat."

The most exploited Windows ports found in the research were: port 445/TCP (used for file sharing); port 139/TCP (used to connect to file shares); port 137/UDP (used to find information on other computers); and 135/TCP (used to execute code remotely).

Botnets are commonly used for denial-of-service attacks, where a target computer is overloaded with data and fails. They are also used for spamming, spreading malicious software, manipulating online polls and mass identity theft.

From the beginning of November 2004 until the end of January 2005, researchers saw 226 denial-of-service attacks against 99 unique targets. They looked at 100 botnets in the four-month period and saw 226,585 unique IP addresses involved with at least one of the botnets monitored.

Dan Ilett of ZDNet UK reported from London.

  • Talkback
  • Most Recent of 28 Talkback(s)
For the nix faithful.
It's not a security hole in the kernel. It's a user configurable setting. Wow I guess nix and MS have more in common. They can both shout out "It's not a flaw, it's a feature".... (Read the rest)
Posted by: IT Scion Posted on: 03/22/05 You are currently: Logged In | Log out
Well there you go Linux User 147560   | 03/16/05
But, but, but... Martin Marvinski   | 03/16/05
But ISS gets hacked much more because it only has 20% market share! Jeff Spicoli   | 03/16/05
But that's only because.... nucrash   | 03/16/05
Well.. Jeff Spicoli   | 03/16/05
Hey, leave the Apple icons alone FilledOut   | 03/17/05
It's the M$hill mantra: "Because of Market Share!" Xunil_Sierutuf   | 03/16/05
Apple did it FilledOut   | 03/17/05
Oh Jeff - you so funny! quietLee   | 03/16/05
This is why Roger Ramjet   | 03/17/05
Day late and couple dollars short quietLee   | 03/17/05
And for the truly smug Penquinista quietLee   | 03/17/05
For the nix faithful. IT Scion   | 03/22/05
Not that I disagree IT Scion   | 03/17/05
LOL.. was there any doubt a Flawed OS(TM) was behind it? Xunil_Sierutuf   | 03/16/05
Well, gee...... TechType   | 03/16/05
I think its more complicated Roger Ramjet   | 03/16/05
But does Linux make a better hosting platform FilledOut   | 03/16/05
Hope I won't be affected... Grayson Peddie   | 03/16/05
Surprise surprise Joe Fristoe   | 03/16/05
You're assuming a robust design... Xunil_Sierutuf   | 03/16/05
I run windows behind a NAT router osreinstall   | 03/16/05
Did anyone actually read this thing? arentol   | 03/16/05
Ooh, big surprise. John Carroll  ZDNet | 03/16/05
One side of the coin Roger Ramjet   | 03/17/05
Another way to look at it NonZealot   | 03/17/05
Glad you finally recognized Roger Ramjet   | 03/17/05
Only one problem NonZealot   | 03/17/05

What do you think?

advertisement
advertisement