We're at War with Botnets - What is a Botnet?
(Page 2 of 4)
A botnet is a group of compromised computers, each running a software robot ("bot") that takes orders from a remote operator without any action by the machine's owner. The machines are usually infected by way of Trojan horses, worms, or backdoors; once enrolled they can be directed to launch denial-of-service attacks, send spam, spamdex search engines, or steal login IDs, application serial numbers, and financial information, particularly credit card numbers. Another name for these infected machines is "zombie computers."
Bot herders, the crackers who run botnets, manage them remotely through command-and-control (C&C) servers, historically Internet Relay Chat (IRC) servers. The control channel is meant to be inconspicuous: it can be hidden inside instant messaging, an ordinary IRC session (the RFC 1459 standard), or even Twitter posts. The herder compromises machines with tools such as buffer-overflow exploits and other exploits against unpatched software, with the goal of capturing as many computing resources as possible.
Botnets have become considerably more sophisticated over the past few years, largely because inventive herders have moved from IRC to HTTP as their command-and-control protocol. Since HTTP is the most common protocol on the Internet, network administrators rarely block it, so a bot's check-ins pass through the perimeter. Botnets are also hard to detect because many are designed so that a zombie's C&C traffic blends in with the machine's genuine outbound web traffic.
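A concrete way to look for the HTTP check-ins just described is to measure how regular each client's requests to a given host are: a bot polling its C&C server on a fixed timer produces far more even gaps than a person browsing. The script below is an added example, not code from the original article. It assumes a simple proxy log format of timestamp, client IP, method and URL, and the log lines in it are constructed for the demonstration.

```python
"""Flag (client, host) pairs whose request timing looks like bot check-ins.

Added example for this article, not code from the original page. It assumes a
proxy log in the form "<ISO timestamp> <client IP> <method> <URL>", one request
per line; SAMPLE_LOG is constructed for the demonstration and is not real traffic.
"""
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev
from urllib.parse import urlsplit

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)$"
)

# Constructed sample: 10.0.0.5 browses normally, 10.0.0.7 posts to one URL
# roughly every five minutes, the way a bot polling its C&C server would.
SAMPLE_LOG = """\
2009-06-01T10:00:00 10.0.0.5 GET http://cdn.example.net/img/logo.png
2009-06-01T10:00:02 10.0.0.5 GET http://cdn.example.net/css/site.css
2009-06-01T10:00:07 10.0.0.7 POST http://update-check.example.org/gate.php
2009-06-01T10:03:11 10.0.0.5 GET http://news.example.com/
2009-06-01T10:05:07 10.0.0.7 POST http://update-check.example.org/gate.php
2009-06-01T10:10:09 10.0.0.7 POST http://update-check.example.org/gate.php
2009-06-01T10:15:06 10.0.0.7 POST http://update-check.example.org/gate.php
2009-06-01T10:20:08 10.0.0.7 POST http://update-check.example.org/gate.php
2009-06-01T10:31:40 10.0.0.5 GET http://news.example.com/story/12
2009-06-01T11:02:55 10.0.0.5 GET http://cdn.example.net/img/logo.png
"""


def parse_log(text):
    """Yield (timestamp, client, host) for each well-formed line; skip the rest."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.fromisoformat(m.group("ts"))
        host = urlsplit(m.group("url")).hostname or ""
        yield ts, m.group("client"), host


def find_beacons(text, min_events=5, max_cv=0.1):
    """Return [(client, host, count, mean_gap_seconds, cv)] for pairs whose
    inter-request gaps are regular enough to look like a timed check-in.

    cv is the coefficient of variation (population stdev / mean) of the gaps:
    a bot sleeping a fixed interval gives cv near 0, a person browsing does not.
    """
    stamps = defaultdict(list)
    for ts, client, host in parse_log(text):
        stamps[(client, host)].append(ts)

    hits = []
    for (client, host), times in stamps.items():
        if len(times) < min_events:
            continue                      # too few requests to judge regularity
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue                      # all requests in the same second
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            hits.append((client, host, len(times), avg, cv))
    return hits


if __name__ == "__main__":
    for client, host, n, avg, cv in find_beacons(SAMPLE_LOG):
        print(f"{client} -> {host}: {n} requests, mean gap {avg:.1f}s, cv {cv:.3f}")
```

Bots that randomise their sleep interval (jitter) push the coefficient of variation up, so in practice the threshold is tuned per environment and the result is combined with other signals, such as a destination nobody else on the network visits or responses that are always the same small size.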
Botnet herders can also create their own command protocols, consisting of a client program for the operator, a server application, and the agent software implanted on infected computers. The three components talk to each other over the network using the herder's own encryption scheme, which makes the traffic harder to identify and the botnet harder to infiltrate. It does not make either impossible: the agent on a captured machine can be reverse-engineered to recover the scheme.
Once a bot is installed on a personal computer, it immediately scans for other IP addresses that may be vulnerable to compromise. It then tries to spread, for example by tricking the user into clicking a malicious instant-message link. Herders can also command the botnet to probe the Internet for legitimate websites vulnerable to SQL injection; once such a site is found, it can be injected with code that serves malware to its visitors. The larger the botnet grows, the more unsolicited mail it can send: botnets account for approximately 95 percent of the spam delivered across the Internet.
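The SQL injection flaw that the herders' scanners look for is ordinary string-built SQL. The following is an added example, not code from the article, using an in-memory SQLite table whose schema and rows are constructed for the demonstration: the vulnerable search returns unpublished rows when given a crafted term, while the parameterised version treats the same term as plain text.

```python
"""Vulnerable versus parameterised query, using an in-memory SQLite database.

Added example for this article, not code from the page; the articles table,
its rows, the search functions and INJECTION are constructed for the demonstration.
"""
import sqlite3


def make_db():
    """Create a throwaway articles table with two public rows and one draft."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, "
        "body TEXT, published INTEGER)"
    )
    conn.executemany(
        "INSERT INTO articles (title, body, published) VALUES (?, ?, ?)",
        [
            ("Welcome", "public text", 1),
            ("Roadmap", "public text", 1),
            ("Draft: Q3 numbers", "unpublished text", 0),
        ],
    )
    return conn


def search_vulnerable(conn, term):
    """String-built query: the search term becomes part of the SQL itself,
    so a quote in the term ends the literal and the rest is parsed as SQL."""
    sql = ("SELECT title FROM articles WHERE published = 1 "
           "AND title LIKE '%" + term + "%'")
    return [row[0] for row in conn.execute(sql)]


def search_safe(conn, term):
    """Parameterised query: the term is bound as data and never parsed as SQL,
    so the same crafted term simply matches nothing."""
    sql = "SELECT title FROM articles WHERE published = 1 AND title LIKE ?"
    return [row[0] for row in conn.execute(sql, ("%" + term + "%",))]


# Closes the LIKE literal, ORs in a tautology, and comments out the trailing %'.
INJECTION = "%' OR 1=1 --"


if __name__ == "__main__":
    db = make_db()
    print("normal, vulnerable:", search_vulnerable(db, "Road"))
    print("normal, safe:      ", search_safe(db, "Road"))
    print("crafted, vulnerable:", search_vulnerable(db, INJECTION))  # leaks the draft
    print("crafted, safe:      ", search_safe(db, INJECTION))        # []
```

The mass-injection campaigns the article alludes to used the same hole with a different payload: instead of reading rows, the injected statement rewrote stored content to include a script tag pointing at the herder's malware, so every visitor to the site was exposed.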
Some botnets also use peer-to-peer (P2P) relationships, in which bots communicate with several C&C servers rather than one, to provide redundancy: there is no single server whose takedown shuts the whole network down. For example, a group of 20 or more high-speed compromised computers may act as the servers.
Approximately 11 percent of computers are infected with bots. Paul Royal, director of research at Damballa, an Atlanta-based botnet security firm, estimates that between 65 million and 90 million personal computers have been compromised. About five percent of corporate computers are infected as well; botnets thus span personal, corporate, university, and government machines.
Botnets pose a serious threat to the Internet. IRC networks have responded aggressively and now shut down channels that previously hosted botnet controllers. To avoid detection, herders are deliberately keeping botnets smaller, which also lets them launch more targeted attacks.
Next: Culprits for Spreading Botnets >>
More By Joe Eitel