A recently discovered botnet of more than 70,000 machines included many government and business computers.
Web security experts say campus IT officials should stop using students’ Social Security numbers as identifiers, because about 5,900 known botnets have stolen valuable information from computers in many sectors, including higher education.
Shadowserver, an organization that tracks botnet incidents in governments, education, and the private sector, unveiled the running tally of botnets days before security firm Symantec released a report March 2 showing a 5.5 percent hike in spam eMail last month, spurred mostly by botnets. Spam now accounts for 90 percent of all eMail sent within the U.S., Symantec said.
A single botnet, called Grum, is responsible for 26 percent of worldwide spam, according to the Symantec report. The harmful spam messages were mostly disguised as pharmaceutical eMails.
“The activities of this single spam operation have been driving recent global surges in spam rates and strongly impacting global spam levels in turn,” said Paul Wood, a senior analyst for Symantec. “Based on these latest spam patterns, we can predict additional surges in spam in the coming weeks.”
Botnets are networks of compromised computers, such as those found on campus networks, controlled by malicious software that exploits web browser vulnerabilities and a host of other security holes in a personal computer. Once the malware takes control of a computer, it can scan the hard drive and web links for personal information that can be stolen and used by the hacker who controls the botnet remotely.
Hackers then can sell that information to people who use passwords and secret user names to steal money from bank accounts and use personal and business credit cards.
Peyton Engel, a technical architect for CDW-G, said colleges and universities find it easy to identify students by their Social Security numbers, but as botnets and viruses become more dangerous and difficult to detect, campus IT staff should assign students random numbers generated by an algorithm.
It’s not a solution to stopping botnet attacks, Engel said, but if hackers find student ID numbers that don’t correspond to Social Security numbers, damage can be mitigated.
“They haven’t found how to prevent the incident,” he said. “But they just made it so that it’s not as damaging [if a botnet attacks].”
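As an added illustration of Engel's recommendation (not code from the article or from CDW-G), the sketch below issues student IDs drawn from the operating system's random generator, so a stolen ID reveals nothing about the student's Social Security number. The `S` prefix, the 8-digit length and the Luhn check digit are assumptions chosen for this example.

```python
import secrets

RANDOM_DIGITS = 8   # assumed size of the random part
PREFIX = "S"        # assumed prefix so an ID can never be mistaken for an SSN


def luhn_check_digit(payload: str) -> str:
    """Return the Luhn check digit for a string of decimal digits."""
    total = 0
    # Walk right to left, doubling every other digit starting with the rightmost.
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return str((10 - total % 10) % 10)


def is_valid_id(student_id: str) -> bool:
    """Check the format and check digit; catches any single mistyped digit."""
    body = student_id[len(PREFIX):]
    return (
        student_id.startswith(PREFIX)
        and len(body) == RANDOM_DIGITS + 1
        and body.isdigit()
        and luhn_check_digit(body[:-1]) == body[-1]
    )


def issue_student_id(issued: set) -> str:
    """Draw a fresh ID from the OS CSPRNG; no student attribute is an input."""
    while True:
        payload = f"{secrets.randbelow(10 ** RANDOM_DIGITS):0{RANDOM_DIGITS}d}"
        candidate = PREFIX + payload + luhn_check_digit(payload)
        if candidate not in issued:      # retry on the rare collision
            issued.add(candidate)
            return candidate


if __name__ == "__main__":
    registry = set()                     # constructed, in-memory stand-in for the ID table
    for _ in range(3):
        print(issue_student_id(registry))
```

Because the ID is random rather than computed from the Social Security number, the link between the two exists only in whatever record the registrar keeps, which can be stored and protected separately.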
Engel said botnets have evolved in recent years, making it almost impossible for campus IT officials to target a botnet and eliminate it before it jumps from computer to computer, collecting sensitive information such as passwords, keystrokes, and screen shots that are siphoned out to spammers.
“One trend that we’re seeing is that botnets are getting stealthier,” he said. “You used to know you had a botnet because you could see your machine trying to infect all the other machines. … You could see exactly how it was spreading.”
While botnets have largely evaded the IT experts on the lookout for them, security firm NetWitness Corp. discovered a botnet of 74,000 infected machines last month that were stealing information from more than 2,400 business and government computers.
The botnet stole about 70,000 credentials, mostly login information for Facebook and personal eMail accounts.