Skip to main content

Bad Bot activity on the rise as they avoid traditional detection

Distil Networks - a global leader in bot detection and mitigation - today published its report; “The 2016 Bad Bot Landscape Report: The Rise of Advanced Persistent Bots.”

Bad bots are essentially a network of computers that hackers compromise by malware and Trojans with malicious intent. The hacker then uses the compromised PCs as the launching points for anonymous attacks on other targets.

The fact that an attacker can control bots remotely is the reason they are popular, as the real attacker remains anonymous. This is because it is the unfortunate owner of the PC who authorities will trace, but they probably have no idea that their computer is participating in any nefarious actions – hence the term zombie computers. Until recently, anti-virus software was able to mitigate much of the risk, but now it appears bots have become more advanced and persistent.

Rami Essaid of Distil Networks explains: “When we dug into the bot activity in 2015, we identified an influx of Advanced Persistent Bots (APBs), can mimic human behaviour, load JavaScript and external assets, tamper with cookies, perform browser automation, and spoof IP addresses and user agents. The persistency aspect is that they evade detection with tactics like dynamic IP rotation from huge pools of IP addresses, using Tor networks and peer to peer proxies to obfuscate their origins, and distributing attacks over hundreds of thousands of IP addresses.

"A whopping 88 per cent of 2015 bad bot traffic were APBs. This shows that bot architects have already taken note of traditional bot detection techniques and are finding new sophisticated ways to invade websites and APIs, in an effort to take advantage of critical assets and impact a business's bottom line.”