Page 1468 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

strains is a program known as Cryptolocker.







Botnets

A few years ago, one of the authors of this book visited an organization that suspected it had a security problem, but the organization didn’t have the expertise to diagnose or resolve the issue. The major symptom was network slowness. A few basic tests found that none of the systems on the company’s network ran basic antivirus software, and some of them were infected with a Trojan horse.

Why did this cause network slowness? Well, the Trojan horse made all the infected systems members of a botnet, a collection of computers (sometimes thousands or even millions!) across the internet under the control of an attacker known as the botmaster.

The botmaster of this particular botnet used the systems on the organization’s network as part of a denial-of-service attack against a website that he didn’t like for one reason or another. He instructed all the systems in his botnet to retrieve the same web page, over and over again, in hopes that the website would fail under the heavy load. With close to 30 infected systems on the organization’s network, the botnet’s attack was consuming almost all its bandwidth!

The solution was simple: Antivirus software was installed on the systems and it removed the Trojan horse. Network speeds returned to normal quickly.




Worms

Worms pose a significant risk to network security. They contain the same destructive potential as other malicious code objects with an added twist—they propagate themselves without requiring any human intervention.

The internet worm was the first major computer security incident to