Cyber Security: Botnets

The word "botnet" is a portmanteau of the words "robot" and "network" - the term is usually used with a negative or malicious connotation. So, a botnet is the generic name given to any group of computers that coordinate their activity over the internet. There are a number of harmless botnets used for such purposes as the Internet Relay Chat (IRC) text messaging program, but sadly, the vast majority are created by malware. A botnet generated by malware is a collection of compromised PCs controlled remotely by an attacker. It is a "virtual robot army." The individual PCs that are part of a botnet are known as "bots" or "zombies" - and their owners may not even know they're being used.
What are Botnets?

Botnets are typically created by a specific attacker or small group of attackers using one piece of malware to infect a large number of machines, although there's no minimum size for a group of PCs to be called a botnet. The individual PCs in a botnet are generally called "bots" or "zombies." Smaller botnets can be in the hundreds or low thousands of infected machines, and larger ones can run into the millions of PCs. Examples of well-known botnets that have emerged in recent years include Conficker, Zeus, Waledac, Mariposa and Kelihos. A botnet is often discussed as a single entity, but the creators of malware such as Zeus will sell their wares to anyone, so at any given time dozens of separate botnets may be using the same malware.

How are Botnets created?

Botnets are spread through viruses and worms, and once installed on the victim's computer they use the internet to make contact with a control computer. At this point, the infected computer (often called a zombie) will do nothing more than periodically check for instructions from the control computer. Over time, more and more computers are recruited to the incipient botnet until it may contain tens of thousands of zombies, but they don't raise suspicion as they appear to be doing nothing.

The creator of the botnet can control the botnet using command and control (C&C) software. At a future time, the control computer will issue a command for the botnet to wake up and begin doing something. This often happens because the people who created the botnet have either sold or rented it to another group who want to use its capabilities for malevolent means.

There are two main methods through which attackers infect PCs to make them part of a botnet:
In either case, once the attacker's code is on the user's machine, that PC is now part of the botnet. The attacker can issue remote commands to the PC, upload data from the machine, download new components and generally do what he wants with it.

What are Botnets used for?

Botnets can be used to:
How to protect yourself from botnets

There are a number of defenses against the DDoS attacks that botnets are used for, but nearly all of them are on the ISP or server level. For users, the best defense against becoming part of a botnet is to keep all of the software on your machines patched and up-to-date and to resist clicking on suspicious links. Attackers rely on the gullibility of users to open malicious attachments or click on shady links in order to get their malware onto new PCs. Removing that from the equation makes it far more difficult for attackers to build and use botnets.
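
The periodic check-in with a control computer described under "How are Botnets created?" is something a network defender can look for in connection logs. The Python sketch below is an added example, not part of the original article; the log format, addresses, thresholds and function names are assumptions constructed for illustration.

```python
import statistics
from collections import defaultdict

def build_sample_log():
    """Constructed sample flow log: 'epoch_seconds src_ip dst_ip dst_port'."""
    base, lines = 1700000000, []
    # Constructed: one host checking in roughly every 300 s with slight drift.
    for i, drift in enumerate([0, 2, -1, 3, -2, 1, 0, -3]):
        lines.append(f"{base + 300 * i + drift} 10.0.0.23 203.0.113.50 443")
    # Constructed: a person browsing, with bursts and long pauses.
    for offset in [5, 40, 47, 600, 615, 1900, 1910, 2400]:
        lines.append(f"{base + offset} 10.0.0.7 198.51.100.20 443")
    lines.append("truncated record")  # malformed input must not crash parsing
    return "\n".join(lines)

def parse_flows(log):
    """Group connection timestamps by (src, dst, port), skipping bad lines."""
    flows = defaultdict(list)
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            flows[(parts[1], parts[2], int(parts[3]))].append(float(parts[0]))
        except ValueError:
            continue
    return flows

def find_beacons(log, min_events=6, max_cv=0.1, min_interval=30.0):
    """Return (src, dst, port, mean_gap, cv) for flows with regular timing."""
    hits = []
    for (src, dst, port), times in parse_flows(log).items():
        if len(times) < min_events:
            continue  # too few samples to judge regularity
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        mean_gap = statistics.mean(gaps)
        if mean_gap < min_interval:
            continue  # sub-interval chatter such as keep-alives, not polling
        # Coefficient of variation of the gaps: near 0 means a fixed schedule.
        cv = statistics.pstdev(gaps) / mean_gap
        if cv <= max_cv:
            hits.append((src, dst, port, round(mean_gap, 1), round(cv, 3)))
    return sorted(hits, key=lambda h: h[4])

if __name__ == "__main__":
    for hit in find_beacons(build_sample_log()):
        print("possible beacon:", hit)
```

Legitimate software such as update checkers and monitoring agents also polls on a fixed schedule, so hits are leads to triage against known-good destinations rather than verdicts.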