Written by Michael Rauch   
Wednesday, 05 August 2009 00:40

 

Botnets

     Once a system is compromised and a number of rootkits are installed, the hacker is free to load payload applications that perform the hacker's will without the knowledge or permission of the legal user. A system that has been compromised in this way becomes a zombie computer because it is no longer under the control of the rightful user but rather the hacker, and the user may have absolutely no idea what the computer is in fact doing. Zombie is a term that refers to the infected computer; the more common reference in the security industry is to the programs that perform the hacker's purpose. These zombie programs are often known as bots.

     In its most basic form, a bot is simply an automated computer program, or robot. In the context of botnets, bots refer to computers that are able to be controlled by one, or many, outside sources (McDowell, 2006). Botnet refers to grouping a collection of zombie computers into a network of directed bots. Botnets are a major threat to individual users and organizations alike, and their malicious functions can have far-reaching effects.

Attackers can use rootkits and botnets to access and modify personal information, attack other computers, and commit other crimes, all while remaining undetected. By using multiple computers, attackers increase the range and impact of their crimes. Because each computer in a botnet can be programmed to execute the same command, an attacker can have each of them scanning multiple computers for vulnerabilities, monitoring online activity, or collecting the information entered in online forms (McDowell, 2006).


Developing Botnets

 

     Actively seeking out vulnerable systems is not a typical method that hackers presently use to develop botnets. Many of the vulnerabilities that enabled hackers to actively seek out targets for their exploits have been patched in applications and operating systems alike. This state of technology, together with the availability of exploit kits to deliver Trojans, led to a method that uses social-engineering techniques to infect computers. Refer to McDowell (2004) for methods to avoid social engineering attacks. Hackers entice users to download Trojans using spam containing links to malware or by enticing users to visit malicious web sites.

     A hacker who controls a botnet is called a bot-herder. After successfully gaining control of a number of bots, the bot-herder needs a method to control the bots. The most common method is to employ a Command and Control (C&C) system that communicates with the bots using Internet Relay Chat (IRC).
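
Because the C&C channel described above is ordinary IRC, a defender can look for it in outbound traffic. The following is an added example, not part of the original article: it recognises IRC client registration by content rather than by port and reports any external server and channel joined by several internal hosts. The flow records, the function names and the threshold of three hosts are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# IRC client commands (RFC 1459/2812) sent when a client registers and joins.
IRC_LINE = re.compile(rb"^(NICK|USER|JOIN|PASS)\s+(\S+)", re.IGNORECASE)

# Constructed sample, not real traffic: (internal source IP, destination IP,
# destination port, first client-to-server payload bytes).
SAMPLE_FLOWS = [
    ("10.0.0.11", "203.0.113.5", 6667, b"NICK xk29fa\r\nUSER xk29fa 0 * :x\r\nJOIN #cmd\r\n"),
    ("10.0.0.12", "203.0.113.5", 6667, b"NICK qp77zd\r\nUSER qp77zd 0 * :x\r\nJOIN #cmd\r\n"),
    ("10.0.0.13", "203.0.113.5", 6667, b"NICK mm03ke\r\nUSER mm03ke 0 * :x\r\nJOIN #cmd\r\n"),
    ("10.0.0.20", "198.51.100.9", 8080, b"NICK alice\r\nUSER alice 0 * :Alice\r\nJOIN #linux\r\n"),
    ("10.0.0.21", "198.51.100.7", 443, b"\x16\x03\x01\x02\x00\x01"),  # TLS, not IRC
    ("10.0.0.22", "198.51.100.8", 80, b"GET / HTTP/1.1\r\nHost: example.org\r\n\r\n"),
]

def parse_irc(payload):
    """Return (is_irc, channels) for the first bytes a client sent."""
    commands, channels = set(), set()
    for line in payload.split(b"\r\n"):
        m = IRC_LINE.match(line)
        if not m:
            continue
        cmd = m.group(1).upper()
        commands.add(cmd)
        if cmd == b"JOIN":
            # JOIN may list several comma-separated channels; names are case-insensitive.
            channels.update(c.decode("ascii", "replace").lower() for c in m.group(2).split(b","))
    # Require both NICK and USER so a stray keyword in other traffic does not match.
    return {b"NICK", b"USER"} <= commands, channels

def find_shared_channels(flows, min_hosts=3):
    """Map (server, port, channel) -> internal hosts when min_hosts or more share it."""
    seen = defaultdict(set)
    for src, dst, port, payload in flows:
        is_irc, channels = parse_irc(payload)
        if is_irc:
            for chan in channels:
                seen[(dst, port, chan)].add(src)
    return {k: sorted(v) for k, v in seen.items() if len(v) >= min_hosts}

if __name__ == "__main__":
    for (dst, port, chan), hosts in find_shared_channels(SAMPLE_FLOWS).items():
        print(f"{dst}:{port} {chan} joined by {hosts}")
```

A single workstation using IRC on an unusual port (the `#linux` row) is not reported; the signal is several internal hosts converging on one external channel.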

 

 

References


McDowell, M. (2006). Understanding hidden threats: Rootkits
     and botnets. Cyber Security Tip ST06-001. United States
     Computer Emergency Readiness Team. Available from
     http://www.us-cert.gov/cas/tips/ST06-001.html.

 

Schiller, C. (2007). Botnets. Network and Systems Professionals
     Association. Available from http://www.naspa.com/.

 


Last Updated on Thursday, 27 August 2009 01:45
 


Copyright © Michael J Rauch 2009; all rights reserved