In March this year, many government agencies around the world were attacked for espionage purposes by unknown botnets (networks of computers used to carry out automated tasks such as spamming). The botnets were termed GhostNets because they could not be detected.
"Once GhostNets infect the system, it becomes a zombie machine that could be controlled by a master computer called the command and control server. From the command and control server, cybercriminals can manage their botnets and instruct the army of zombie computers to work on their behalf," explains Shantanu Ghosh, VP, Indian Product Operations, Symantec India.
Analysts say that these programmes are not system-heavy or resource-intensive and become active only when a certain piece of information is present on the system. So, even if you delete the mail after opening it or installing a required plug-in, the bots still get installed.
"We have noticed that a few hacker organisations are actively involved in the development and dissemination of the toolset used to create the back door used in GhostNet. This threat, named Backdoor.GhostNet, can easily be created by just about anyone who can use the toolset, which is built to be very easy to use," added Ghosh.
So, how can users safeguard themselves from a threat that can't be detected?
"Users need to know that this is like any other cyber crime and is there to stay. It might change form or mutate in future. They keep their anti-malware software updated irrespective of whether it can detect GhostNets or not. Besides, they can use technologies like reputation services to block access to the source of the malware. Also, never install plug-ins without knowing the URLs," advises Abhinav Karnwal, product marketing manager, APEC at security firm Trend Micro.