Nytro

Botnets

A botnet is a network of compromised computers that are controlled remotely and surreptitiously by one or more individuals, called bot-herders. Computers in the botnet, called nodes or zombies, are usually ordinary computers with always-on broadband connections, sitting on desktops in homes and offices around the world. Usually, computers belong to botnets because their owners or users have been tricked into installing malware that secretly connects the computer to the botnet and performs tasks like sending spam, hosting malware or other illegal files, and attacking other computers. Often the user never knows his or her computer is being used for nefarious ends.

A botnet is in many ways the perfect base of operations for computer criminals. Botnet malware is designed to operate in the background, without any visible evidence of its existence. Often the victim has no idea that his or her computer is infected and so is less likely to subject it to a malware scan that might detect and remove the infection. By keeping a low profile, botnets are sometimes able to remain active and operational for years. Botnets are also attractive to criminals because they provide an effective mechanism for covering the tracks of the botnet user—tracing the origin of an attack leads back to the hijacked computer of an innocent user, where the trail ends.

Getting a botnet up and running is only the first step. A botnet can be used as a platform for a variety of criminal activities, depending on how the bot-herders choose to configure the individual nodes. In addition to identity theft, botnets have many uses, including:

Sending spam. Much of the spam sent today originates from botnets, which use several different techniques to get their unwanted messages past recipients’ mail filters. In addition to renting out the botnet to spammers, bot-herders also send spam themselves in an effort to increase the size of the network.

Perpetrating distributed denial of service (DDoS) attacks. In a DDoS attack, multiple computers attack a target server (typically a web server) by flooding it with traffic, saturating the target’s bandwidth, and rendering it effectively unavailable to other users. Criminals sometimes threaten companies with DDoS in an effort to extort money from them, or they launch DDoS attacks against security researchers or others they believe have wronged them. DDoS has even been used in “cyber-warfare” attacks launched against countries or regions.

Hosting malware or illegal content. Peer-to-peer (P2P) networks are effective mechanisms for retrieving or distributing media content. They work like search engines to locate media that people have made available. Some content is illegal, either to own or to distribute, so criminals often use hijacked computers as a place to store illegal content. Unwitting owners of hijacked computers may be delivered lawsuit papers by rightful content owners for distributing copyrighted material—or arrested by police for distributing child pornography. Hijacked computers are also used to host web pages used in phishing attacks and to host and distribute additional malware.

Perpetrating click fraud. Criminals sometimes use botnets to generate fraudulent “clicks” on pay-per-click advertisements, such as those hosted by some search engines and other websites. The advertiser pays a fee to the advertising network for every click its advertisement receives, so click fraud can be used to financially harm a competitor.

The most common method used for controlling botnets is Internet Relay Chat (IRC), a distributed system for real-time chatting. When the botnet is installed on a victim’s computer, it connects to an IRC channel that the bot-herder has established and waits for instructions. From there, all the bot-herder has to do to activate the bots is connect to the channel and type in some predefined commands, and they’re off—sending spam, launching DDoS attacks, hosting phishing pages, or whatever else the herder has in mind. Recently, botnets have even used P2P mechanisms for command and control, making them more difficult to shut down once discovered.

Source: Reference Guide
