About 10 years ago, worms and distributed denial of service attacks were the epidemic cybercriminals used to disrupt network infrastructure. Technical periodicals, business magazines and the mainstream media were astounded by these large organized attacks. Experts warned the public of  these threats and the potential threat posed by botnets. No one Imagined the scale of the problem which has resulted in zombie networks stealingmoney from their credit cards, the hijacking of their email or IM accounts, or their ISP disconnecting them from the Internet.

This concept has resulted in a dramatic escalation and transformation from infrastructure attacks to direct assaults on people via spam, spyware, phishing and ID theft. Arrests are up, working groups are formed and the Federal Trade Commission has jumped into the fold, but consumer security remains at risk as phishing emails remain widespread. Attackers have learned a compromised system is more useful than a crashed system.

Botnets (also known as zombie networks), have evolved into one of the most serious information security threats. A botnet is a network of computers which are infected with a malicious program that enables cybercriminals to remotely control infected computers. Malicious programs that are designed specifically for use in creating botnets are called bots.

Botnets have computing power comparable to a super computer. They are used as a powerful cyber weapon against ISP’s, governments and corporations as effective tools for making money illegally. The owner of a botnet establishes an attack command (and  controls the computers which form the network) anywhere in the world anonymously. The owner of an infected machine usually does not even suspect that the computer is being used by cybercriminals. Some still use IRC communications which is usually encrypted but others have Http comms. Attack vectors are DOS, SPAM Relay, and Phishing Sites to name a few. They typically propagate through unpatched vulnerabilities, file shares and peer to peer (P2P) networks. Most zombie machines are home users’ PCs.
 
Botnets can be used by cybercriminals for conducting a broad range of malicious activities, from sending spam to attacking government networks.  There are thousands of new bots created each day, but the bot per botnet ratio is decreasing as the number of botnets increases. The result is more firepower.

Upon building a Windows XP Pro box and putting it on the network (unpatched behind a proxy) in 2004 we typically would have multiple virus infections within 2 to five minutes at  a DOD installation. Recently, we placed a honey pot with the same OS on the net and our box was recruited into 15 unique botnets within 72 hours. We only registered a few worms in the same period.

Today, cybercriminals do not need specialized knowledge or large amounts of money to get access to a botnet. To purchase on the Internet, simply find an appropriate advertisement and contact the advertiser. The underground botnet industry provides everyone who wants to use a botnet with everything they need, including software, ready-to-use zombie networks and anonymous hosting services, at low prices. Once you obtain the bot, (program that can remotely perform certain actions on a user’s computer without the user’s knowledge) you are ready to go.

The Zeus crimeware toolkit is the most established crimeware toolkit in the underground economy but December 2009 saw the introduction of a new crimeware toolkit. SpyEye V1.0 appeared for sale on Russian underground forums for $500 a pop. It has quickly gained ground on Zeus. It even hooks the same Wininet API (Wininet.dll) (HttpSendRequestA) as Zeus for communications.

They compromise broadband and dial-up systems (Some estimate 12 million infections of systems at the beginning of 2010). The number of systems infected actually exceed the populations of at least 160 sovereign nations. This army of unpatched, unprotected systems is primarily used for the following:
 
Sending spam

This is the most common use for botnets, and is also one of the simplest. Experts estimate that over 80% of spam is sent from zombie computers. It should be noted that spam is not always sent by botnet owners: botnets are often rented by spammers. According to our data, an average spammer makes 15 to 40 cents per infected computer (100 – 200 thousand per year). Botnets made up of thousands of computers allow spammers to send millions of messages from
infected machines (to your inbox) within a very short space of time.

Blackmail

The second most popular method of making money via botnets is to use tens or even hundreds of thousands of computers to conduct DDoS (Distributed Denial of Service) attacks. This involves sending a stream of false requests (they prefer SQL injection attacks) from bot-infected machines to the web server under attack. As a result, the server will be overloaded and consequently unavailable. As a rule, cybercriminals demand payment from the server’s owner in return for stopping the attack.

Today, many companies work exclusively on the Internet. Downed servers bring business to a halt, resulting in financial losses. To return stability to servers as soon as possible, such companies are more likely to give in to blackmail than ask the police for help. This is exactly what cybercriminals are counting on, and DDoS attacks are becoming increasingly common.

DDoS attacks can also be used as a political tool. In such cases, attacks usually target servers belonging to government organizations. What makes such attacks particularly dangerous is that they can be used as provocation, with a cyber attack on one country being conducted from servers in another country and controlled from a third country.

Anonymous Internet access

Cybercriminals can access web servers using zombie machines (spoofing) and commit cybercrimes such as hacking websites or transferring stolen money. This activity, of course, appears to come from the infected machines.
 
Selling and leasing botnets

One option for making money illegally using botnets is based on leasing them or selling entire networks. Creating botnets for sale is also a lucrative criminal business.

Phishing

Addresses of phishing pages are often blacklisted soon after they appear. A botnet allows phishers to change the addresses of phishing pages frequently, using infected computers as proxy servers. This helps conceal the real address of the phishers' web server.
 
Theft of confidential data

This type of criminal activity will probably never lose its attraction for cybercriminals. Botnets help increase the haul of passwords (passwords to email and ICQ accounts, FTP resources, web services etc.) and other confidential user data by a factor of a thousand. A bot used to create a zombie network can download another malicious program, e.g., a password stealing (PSW) Trojan, and infect all the computers on the botnet with it, providing cybercriminals with passwords from all the infected computers. Stolen passwords are sold or used for mass infections of web pages (in the case of FTP account passwords) in order to further spread the bot program and expand the zombie network.

Finally

Today, you can't use old, signature-based technology to protect against malware associated with botnets. You have to look ahead a bit, focus on finding ways to stop botnet communications. Botnets are among the main sources of illegal income on the Internet and they are powerful weapons in the hands of cybercriminals. It is totally unrealistic to expect that criminals will relinquish such an effective tool. Security experts view the future with some trepidation as they anticipate the continued development of botnet technologies.
 
A gap in traditional anti-malware coverage suggests that Trojans and other botnet-related software should be treated as a separate product category. Cybercriminals  have an interest in creating international botnets but they can be used by governments or individuals to exert political pressure in tense situations. In addition, anonymous control of infected machines that does not depend on their geographic location could be used to provoke cyber conflicts.

The threat itself is no longer just a virus or a piece of spyware. It's a multi-network, multi-faceted type of threat. There are multiple command-and-controls and multiple attack capabilities. You really can't depend on anti-virus protection anymore. If you are running a business, you need a combination of multiple security tools. Signature-based anti-virus serves an important purpose, but you can't look at bot armies the same way you look at a virus attack. There are bots that can update themselves every 30 minutes. You can't expect signature-based anti-malware on a desktop to be effective against that.
 
When you consider networks with resources of tens or hundreds of thousands (or even millions) of infected computers, there is the potential to be extremely dangerous – a potential which has not yet been fully exploited. The vast majority of all this cyber power stems from infected home computers, which comprise the majority of zombie machines exploited by cybercriminals.

In Windows you have deleted a file from the recycle bin, it's unrecoverable, gone forever; if you haven't deleted the file from the recycle bin, you may still be in luck. Actually, for the moment, you have deleted the link to the file but the file is still present as long as you have not allowed a significant amount of activity and time to pass.

If the file has not been deemed defunct and swept out of the bin, Windows won't actually permanently overwrite your file until new data rides in and is written to disk; so, the file still resides on your hard drive, even when purged from the recycle bin, but it can't been seen anymore. Bearing this in mind, there's always a chance that Windows hasn't overwritten your deleted data yet, so your file may still be recoverable if you've the right tools at your disposal.

Where's my File?

Your document was there a second ago, now it's not! Did you accidentally clean it out from the recycle bin, or perhaps you simply misplaced or renamed it on your hard drive? Think straight, and don't panic. Before investing in a professional file recovery program, try several tips that may save you time and money.

First, if you think you may have deleted it, don't run any programs or services that write data to your hard drive. Remember when I said deleted files will eventually get overwritten given enough time? Well, this is why it's wise not to provoke Windows into doing any data output to your hard disk while your file is still on a missing. Start with using the built-in Window search tool--Start menu, Search. Start out by searching for the entire file's name or a part of the file's name. If you locate your file using this method, be sure to make a backup to a thumb drive or email it to yourself for offsite storage.

Another Method

So, you've searched your hard drive with Windows Search and have come up empty. It may be time to bring in the big guns. If you query Google, you'll find a multitude of file recovery utilities, alongside the supposedly more reputable pay-before-you-own programs. One example, FreeUndelete, may be just what you need to get your file back; it's interface is clean, simple, easy to use, and it's clean from the nuisance of spyware and adware!

Resurrection After Reformatting

If you have the misfortune of accidentally reformatted your hard drive? You have got yourself a nightmare, but, you can recover your data from even this catastrophe? It requires a little more muscle than a simple data recovery utility provides. QueTek offers a solution called File Scavenger 3 (free if you download on cnet) you can buy for $49 USD, which is a lot cheaper than many of the other recovery solutions on the market; File Scavenger also offers most of the features of its more expensive competition.

Failing Hard Drive Recovery

If your hard drive is making weird noises, And your experiencing odd corruption errors, You may very well be experiencing signs of a dying hard drive. Take these signs to mean the imminent death of your hard drive, and start backing up, backing up,backing up right away!

Keepit.com Free, is a free service that allows one user to connect to the server with 2 GB of space (for regular activity). Keepit.com Unlimited, gives the non business user unlimited access to a backup server for $4.95 per month. This allows one PC, server access. This web based (software as a solution) will save your files, your precious data and keep you secure while you keep going.

It's a sickening, desperate feeling: your laptop has been stolen and all of your pictures, files and data is in someone elses hand...A fire ravages your home and your system has melted taking all of your data with it...A natural disaster hits (tornado, hurricane, etc.) and your system is gone. No restore point will do you any good here. Maybe your PC won't boot up and you can't figure out why! What makes these troubling scenarios so nightmarish is the sinking feeling of not having a back up of your data. In the last scenario Windows won't even wake up.

My experience in the IT industry has exposed me to all of these scenarios at one time or another. An unscrupulous Self Storage stole my servers and equipment with all data, a fire devastated my systems and media by melting them (all in my home) and I was a Unix Administrator assigned to a Disaster Recovery Center responsible for making recoveries after Hurricane Katrina. Off site storage or web based applications (Software as a service) are solutions for these issues.

The cool thing about web applications is that you'll always have access to it no matter where you're at; just as long as the computer you're using--Internet café, library, school, etc.--has an Internet connection and a capable web browser, you're all set. And storing your data online can provide peace of mind; after all, if your data resides on a remote server and Windows falls prey to a nasty virus or your hard drive decides to kick the bucket, at least all your important remote files will be safe from the catastrophe.
 
Web Applications

Web applications are so seamless that you may not even know that you're using one. For instance, if you use Gmail or Google Docs, it may appear that you're interacting with just a sophisticated web page, which it is on the surface, but at root, you are really using an application akin to the desktop variety that we are all used to. Once web browsers became more powerful and more intelligent and the full potential of Javascript and server side scripting was coupled and realized by programmers, functional and fluid web applications started mushrooming up all over the web.

If you prepare your backups with an online service, you're using a web application. Before such web backups were available to users, one would need to use tape based systems with backup clients to do all complete all of their storage tasks. Backups were configured, uploaded, downloaded, and restored locally, right to tape or on your computer's hard disk. If you use Software As A Service (SAAS), your backups are performed via your web browser, and it's stored on the providers servers. As long as you can access the net--any computer with net connection and capable browser--then you can manage your backups through the provider no matter where you are in the world, a very convenient thing when using web apps and the reason why so many users prefer them to their desktop equivalents.

One of my gripes with using web apps, is that if the service goes out of business--probably won't happened any time soon with Keepit.com, of course--then all your backups will probably be discarded. Bearing this in mind, it's probably a good idea to go with the more reputable backups services, not the little dinky ones that sprout up overnight. So, what does one do?

Enter the Keepit

Keepit provides Big-Business IT best-practice for the little guy – true multi-destination, multi-schedule backup that can be adapted to meet your needs with reasonable consumer pricing.

Gone are the days the user worries about 3 tape, six tape or ten tape backup rotations. Your backup plan encompasses Keepit which eliminates unnecessary clicks and complex settings during the set up, backup and restore process. The Powerful Recovery process Keeps an unlimited version history of all your files. You can access your data anywhere in the world using just a web-browser. Never be without that critical file again.

This web based service provides Global Roaming Access to your files and has offerings that come in three flavors (Keepit.com Free, Keepit.com Unlimited and Keepit.com Pro). It runs in the background as a service, which ensures that scheduled backups are done even if you don’t log-on to your PC. Backup any data, any time, to any destination. You save it – we back it up offsite invisibly and automatically, keeping an unlimited version history that lets you roll-back to any point in time.

Keepit.com Free, is a free service that allows one user to connect to the server with 2 GB of space (for regular activity). Keepit.com Unlimited, gives the non business user unlimited access to a backup server for $4.95 per month. This allows one PC, server access.

The features of Keepit.com Unlimited are:

    * Unlimited space for all your irreplaceable files
    * A simple client, easy to install on any PC
    * Smart selection of default folders for backup
    * Automatic daily backup of your PC
    * Start and stop the backup whenever you want to
    * 30 day history - so you can go back to a point of time,
      before you accidentally deleted a file, and retrieve it
    * backups support

Keepit.com Pro, is for the business user. This is a pay as you go solution. The option of connecting one or more PCs to the account is left to the user. The amount of space required is also to be determined by the user. A minimum charge of $3.95 per month applies; and additional storage is available at a rate of $0.50 per GB per month.

The general features of Keepit.com Pro are:

    * Windows Server compatibility
    * A simple client, easy to install on each computer
    * Smart selection of default folders for backup
    * Automatic daily backup of each computer
    * Backup can be stopped and started individually
    * 30 days history of each backup set
    * Control panel for managing the account
    * Phone support and prioritized email support

The first backup (is always a Full backup) takes some time but is faster than most backup systems available in the market even with a lower bandwidth speed. The subsequent backups are incremental and only files that have changed will be backed up. Keepit has fully flexible scheduling for monthly, weekly, daily, hourly or instant backup. If the initial backup is interrupted for any reason, the backup begins from the place it left off, supporting continuous backups.

The restore process is very simple. The user needs to merely navigate to the restore tab and select the type of restoration they need. Users can restore by backup set, or all files or selected files.

Data transfer between the PC and the server is encrypted using Rijndael (AES) encryption. The data is stored in multiple servers that are placed in geographically different locations to guard against natural disasters and data loss due to other factors. Users can choose to pay for Keepit.com Unlimited or Keepit.com Pro for 12-24 months. A discount of two months will be given to users who pay in advance for 24 months. What a great deal.