Botnets - they're dangerous, deceptive, and very difficult to detect and deal with. What's more, according to recent surveys, the botnet threat is growing...rapidly.
Experts say it's imperative that businesses and end users become aware of the acute and growing dangers posed by botnets, and take decisive and effective steps to counter them before it's too late.
But that's easier said than done as botnets are insidious, and use stealth as a key weapon.
Short for robot, a bot is a captured and compromised computer; a botnet is a network of such computers under common control. After being commandeered, these machines may be used for a range of nefarious purposes, including scanning networks for other vulnerable systems, launching denial of service (DoS) attacks against a specified target, sending spam emails, and keystroke logging as a prelude to ID or password theft.
Botnets are generally created through spam emails or adware that leaves behind a software agent, also sometimes called a 'bot'. Captured machines can be controlled remotely by the malware creator, referred to as the bot master or bot herder.
If additional software has to be downloaded to complete the capture process, the bot would first do that. "It may use any mechanism - FTP, PFTP, HTTP - to install the software," explains Jim Lippard, director of information security operations at network services provider Global Crossing, whose customers include more than 35 percent of the Fortune 500, as well as 700 carriers, mobile operators and ISPs.
The next thing the bot does is call home. It would "usually do a domain name server (DNS) lookup on a particular name used by the miscreant for that botnet. Then it will find the host for that name, and connect to it using standard Internet Relay Chat (IRC) protocol," Lippard says.
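The call-home sequence Lippard describes (a DNS lookup for the herder's chosen name, then an IRC connection to the host that name resolves to) is something a defender can look for in their own logs. The following is an added example, not code from the article or from Global Crossing: it correlates constructed DNS and connection log lines and flags a client that resolves a name and then connects to the answered address on a conventional IRC port within a short window. The log format, the hostnames, the addresses and the port list are all assumptions made for the example.

```python
"""Correlate DNS answers with follow-on IRC connections to flag bot call-home.

Assumed log format (constructed for this example, not any real product's):
  <ISO-8601 time> dns  <client_ip> query <name> -> <answer_ip>
  <ISO-8601 time> conn <client_ip> -> <dst_ip>:<dst_port>
Lines are assumed to be in chronological order.
"""
from datetime import datetime
import re

# Ports conventionally used by IRC servers (assumption: a starting point,
# not an exhaustive list; a herder can pick any port).
IRC_PORTS = {6660, 6661, 6662, 6663, 6664, 6665, 6666, 6667, 6668, 6669, 7000}

DNS_RE = re.compile(r"^(\S+) dns (\S+) query (\S+) -> (\S+)$")
CONN_RE = re.compile(r"^(\S+) conn (\S+) -> (\S+):(\d+)$")


def parse_time(stamp):
    """Parse an ISO-8601 timestamp with a trailing Z as UTC."""
    return datetime.fromisoformat(stamp.replace("Z", "+00:00"))


def find_irc_callhome(lines, window_seconds=60):
    """Return (client, name, dst_ip, port) for every IRC-port connection that
    follows a DNS answer for that destination, from the same client, within
    window_seconds. A lookup without a matching connection, a connection on a
    non-IRC port, or a connection long after the lookup is not reported."""
    recent = {}  # (client_ip, answer_ip) -> (answer_time, queried_name)
    hits = []
    for raw in lines:
        line = raw.strip()
        m = DNS_RE.match(line)
        if m:
            ts, client, name, answer = m.groups()
            recent[(client, answer)] = (parse_time(ts), name)
            continue
        m = CONN_RE.match(line)
        if not m:
            continue  # unknown line shape: ignore rather than guess
        ts, client, dst, port = m.groups()
        port = int(port)
        if port not in IRC_PORTS:
            continue
        key = (client, dst)
        if key not in recent:
            continue  # IRC without a preceding lookup: not this pattern
        seen_at, name = recent[key]
        delta = (parse_time(ts) - seen_at).total_seconds()
        if 0 <= delta <= window_seconds:
            hits.append((client, name, dst, port))
    return hits


# Constructed sample log: one true call-home (10.0.0.5), one ordinary web
# visit (10.0.0.8), one IRC connection two hours after its lookup (10.0.0.9)
# and one IRC connection with no lookup at all (10.0.0.11).
SAMPLE_LOG = [
    "2005-01-12T10:00:01Z dns 10.0.0.5 query cnc.example.invalid -> 203.0.113.7",
    "2005-01-12T10:00:03Z conn 10.0.0.5 -> 203.0.113.7:6667",
    "2005-01-12T10:00:05Z dns 10.0.0.8 query www.example.invalid -> 203.0.113.20",
    "2005-01-12T10:00:06Z conn 10.0.0.8 -> 203.0.113.20:443",
    "2005-01-12T10:00:10Z dns 10.0.0.9 query chat.example.invalid -> 203.0.113.30",
    "2005-01-12T12:00:10Z conn 10.0.0.9 -> 203.0.113.30:6667",
    "2005-01-12T12:00:12Z conn 10.0.0.11 -> 198.51.100.4:6667",
]


if __name__ == "__main__":
    for client, name, dst, port in find_irc_callhome(SAMPLE_LOG):
        print(f"possible call-home: {client} resolved {name} -> {dst} "
              f"then connected on port {port}")
```

The window is the important knob: a bot connects almost immediately after resolving the name, so a tight window keeps ordinary IRC users who looked the name up hours earlier out of the results. The direct connection from 10.0.0.11 is deliberately left alone here; it is a different signal (IRC with no DNS at all) that deserves its own rule rather than being folded into this one.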
The larger a botnet, the more formidable the attack it can launch. For instance, when a botnet containing tens of thousands of captured machines is used to launch a denial of service attack, the consequences can be serious and irreparable.
There's the well publicised case of the botnet created by Christopher Maxwell that installed adware on vulnerable machines. It was estimated his botnet attacked more than 400,000 computers in a two-week period. Maxwell's attack, it was reported, crippled the network at Seattle's Northwest Hospital in January 2005, shutting down an intensive care unit and disabling doctors' pagers. The botnet also shut down computers at the US Department of Justice, which suffered damage to hundreds of computers worldwide in 2004 and 2005.
Maxwell pleaded guilty and was sentenced to three years in jail, three years of probation and a fine of $250,000.
The motivation of most bot herders is usually financial, say experts who follow this phenomenon closely. Botnets are sometimes rented out to spammers, scam artists or other criminal elements.
Lippard dubs bot software "the Swiss army knife of crime on the internet". There are multiple functional roles in the botnet economy, he says. For instance, there's the bot herder - the person who controls the bots. Lippard talks about two common ways bot herders make money. The first is by installing adware or clickware onto the systems they control.