On mySimon: Prince Rocking Horse
BNET Business Network:
BNET
TechRepublic
ZDNet
28 TalkBacks

By Dan Ilett
Posted on ZDNet News: Mar 16, 2005 6:32:00 PM

Despite Microsoft's renewed focus on security, recent research shows that computers running Windows XP and 2000 form the bulk of botnets.

The study, carried out by the German Honeynet Project, found that more than 80 percent of Web traffic from the networks of compromised computers used four ports designated for resource-sharing by various versions of Windows. The research also indicated that the vulnerabilities behind some of the exploits used to take over a PC can be found by searching for information on Microsoft's security bulletins.

"Clearly most of the activity on the ports...is caused by systems with Windows XP (often running Service Pack 1), followed by systems with Windows 2000. Far behind, systems running Windows 2003 or Windows 95/98 follow," Honeynet Project researchers wrote in the report.

Microsoft responded by reiterating its commitment to secure engineering platforms in the face of botnet attacks, which it said were often carried out for illegal ends.

"Creating malicious IT and data threats is a criminal offense that affects everybody. This type of criminal activity is usually driven by financial motive, and criminals often target the Microsoft platform and its applications because of its large installed base," the company said in an e-mailed statement. "This is however a serious cross-industry issue, where no organization is immune from the threat."

The most exploited Windows ports found in the research were: port 445/TCP (used for file sharing); port 139/TCP (used to connect to file shares); port 137/UDP (used to find information on other computers); and 135/TCP (used to execute code remotely).

Botnets are commonly used for denial-of-service attacks, where a target computer is overloaded with data and fails. They are also used for spamming, spreading malicious software, manipulating online polls and mass identity theft.

From the beginning of November 2004 until the end of January 2005, researchers saw 226 denial-of-service attacks against 99 unique targets. They looked at 100 botnets in the four-month period and saw 226,585 unique IP addresses involved with at least one of the botnets monitored.

Dan Ilett of ZDNet UK reported from London.

SponsoredWhite Papers, Webcasts, and Downloads

  • Talkback
  • Most Recent of 28 Talkback(s)
For the nix faithful.
It's not a security hole in the kernel. It's a user configurable setting. Wow I guess nix and MS have more in common. They can both shout out "It's not a flaw, it's a feature".... (Read the rest)
Posted by: IT Scion Posted on: 03/22/05 You are currently: a Guest | | Terms of Use
Well there you go  Linux User 147560 | 03/16/05
But, but, but...  Martin Marvinski | 03/16/05
But ISS gets hacked much more because it only has 20% market share!  Jeff Spicoli | 03/16/05
But that's only because....  nucrash | 03/16/05
Well..  Jeff Spicoli | 03/16/05
Hey, leave the Apple icons alone  FilledOut | 03/17/05
It's the M$hill mantra: "Because of Market Share!"  Xunil_Sierutuf | 03/16/05
Apple did it  FilledOut | 03/17/05
Oh Jeff - you so funny!  quietLee | 03/16/05
This is why  Roger Ramjet | 03/17/05
Day late and couple dollars short  quietLee | 03/17/05
And for the truly smug Penquinista  quietLee | 03/17/05
For the nix faithful.  IT Scion | 03/22/05
Not that I disagree  IT Scion | 03/17/05
LOL.. was there any doubt a Flawed OS(TM) was behind it?  Xunil_Sierutuf | 03/16/05
Well, gee......  TechType | 03/16/05
I think its more complicated  Roger Ramjet | 03/16/05
But does Linux make a better hosting platform  FilledOut | 03/16/05
Hope I won't be affected...  Grayson Peddie | 03/16/05
Surprise surprise  Joe Fristoe | 03/16/05
You're assuming a robust design...  Xunil_Sierutuf | 03/16/05
I run windows behind a NAT router  osreinstall | 03/16/05
Did anyone actually read this thing?  arentol | 03/16/05
Ooh, big surprise.  John CarrollZDNet Moderator | 03/16/05
One side of the coin  Roger Ramjet | 03/17/05
Another way to look at it  NonZealot | 03/17/05
Glad you finally recognized  Roger Ramjet | 03/17/05
Only one problem  NonZealot | 03/17/05

What do you think?

advertisement
advertisement

White Papers, Webcasts, and Downloads

SmartPlanet

Click Here