Report: Bad Bots on the Rise

LOS ANGELES—Following a year-long study into the state of bot traffic, website security firm Incapsula found that "bot traffic went from consisting of 51 percent to 61.5 percent of all Internet traffic, a 10.5-percent increase," has reported. More worrisome, however, is the fact that data from the study indicates that thirty-one percent of the bots are malicious.

"For this story, a bot is a malicious mobile, social, porn, or spam robot that lives on the Internet and unsuspecting users’ devices," adds David Geer for CSO. "People errantly install mobile bots on smartphones as hidden elements of software bundles or free apps from third-party app stores. Since phone vendors do not authorize these downloads, users typically jailbreak or root their devices in order to enable a wider selection of free apps.

"However," he continues, "rooting disables the fundamental security that is present when it is impossible to download or install other than screened approved apps from the phone vendor’s app store."

Geer explains the different types of bots in his article, Bad bots on the rise: A look at mobile, social, porn, and spam bots, but we are of course mostly interested in the porn bots, about which he writes, "Porn bots include chat room spammers and bots that pop up on adult websites. Chat room spammers crawl the Internet looking for chat forums that use technologies such as Internet Relay Chat (IRC) and web-based chat. Porn bots invade these sites, messaging offers of free adult images via links.

"Porn chat bots," he adds, "live on free adult websites where they pop up chat windows with pictures of attractive people saying, I see you are from [your town here]. I live in your area. Would you like to chat?' The chat bot determines the user’s location based on their IP address."

The whole point, explains security strategist Richard Henderson to Geer, is to lower an individual's defenses. "There’s some rudimentary intelligence in those bots, designed to build familiarity with the user to entice them to click to another porn site, which will require them to pay for premium content," he said.

It could be argued that the other types of malicious bots actually represent more danger to the unaware surfer that the porn bots do, but because the use bots are put to is ever-evolving and can always become more dangerous, all bots, writes Geer, "increase the impact of malware, and social engineering through the sheer number of people they can reach almost instantaneously.

"Through drive-by threats," he adds, "bundled malware, and secretly-manifested financial charges, bad bots increase the financial gains of gangsters and hackers in attacks that frustrate consumers and enterprise employees."

For that and other reasons, another security expert approached by Geer, James Brown from JumpCloud, suggested that firms not be complacent about trying to deal with bots. "Enterprises should monitor network traffic for all uncharacteristic, unexpected, and suspicious network behavior," he told Geer. "In particular, traffic leaving servers for anomalous locations such as countries where the enterprise does not do business or to an Internet address that a server does not typically contact should raise red flags."

The issue of BYOD (bring your own device) is also directly related to potential bot infestation, and the article suggests developing a policy to try to deal with personal devices rather than try to prohibit employees from using them.

"It’s easier to work with most employees, keeping them happy, and regulating what they can do while addressing a much smaller number of infractions," writes Geer. "Then when someone doesn’t agree to the policy or abide by it, the enterprise can block the device or sanction the user.

"A typical BYOD policy that eases employee, device, and bad bot management permits a limited number of specified devices while requiring some combination of a suite of security software, NAC, and monitoring software," he adds.