The Wonderful World of Botnets
Posted by: Vereor [ITS Security] under Informative
May 11, 2009
Things you need to know about botnets, but are afraid to ask.
Part One
This two-part series of articles will be devoted to botnets and malware. The first article will give a good overview of what botnets and malware are. The second article in the series will teach you how to tell if your computer has been compromised and is a member of a botnet, how to prevent your computer from becoming a member of a botnet, and how to clean your computer if it has been botnetted.
1. What is a botnet?
A botnet consists of computers that have been taken over by secret, hidden software (malware) planted by hackers. Botnets are also known as zombie armies and are usually made up of tens to hundreds of thousands of home computers. Usually they are created to send spam, but others have been set up with more hostile intent, like bank scams.
2. How do botnets get started?
Criminals can install malware in several different ways.
- First, the botnet operator will scan the internet looking for unprotected computers.
- Then the botnet operator will send out a virus or worm to infect your computer. The infection can arrive in an infected email, when you visit an infected website, or when you click an infected link in an unknown chat session.
- The infected machine will then log into a Command and Control server that is controlled by the botnet operator.
- A botnet operator can then “sell” services to the highest bidder.
- The new owner can then send instructions to the infected machines via the command and control server.
3. Typical functions of a botnet.
Botnets can be put to many uses. A few of the more popular are:
- Spam. Spammers can purchase botnets to send out spam messages to mail servers.
- Denial of service attacks. Multiple systems in the botnet will access an Internet system, most commonly a website, in an attempt to cause the system to become busy and inaccessible.
- Identity theft.
4. What is Malware?
Malware is malicious software that is designed to infiltrate, and in some cases, damage a computer without the owner’s consent.
5. Types of malware.
- Viruses – A virus is a program that has infected another program and, when run, will attempt to infect other programs.
- Worms – A worm is similar to a virus but it will actively transmit itself over a network to infect other computers.
- Trojan Horses – A Trojan horse (or simply a Trojan) is a piece of malware that is disguised as innocent or desirable software. It can also come bundled with other software that a user could download from the internet. When the user downloads and installs the innocent-appearing software, the Trojan is installed alongside it. Trojans can also be used to install worms.
- Rootkits – A rootkit is a piece of software that is used to conceal malicious software on a computer. This is usually done by modifying the computer’s operating system so that the malware is hidden from the user.
- Backdoors – A backdoor is a program that bypasses the normal authentication procedures. Backdoors are usually installed by Trojan Horses or worms.
That’s all for now…. So stay tuned. Same bot time same bot channel.
Be safe,
Vereor
