Saturday, October 20, 2012

What is Botnet and how it works?

Image credit goes to Tom-b from wikipedia.

Before , I putted an article about Botnet here. But I submit a paper which I use part of this article inside that. For making sure about the plagiarism software I took out the article from here! But now I'm going to describe the Botnet in an easy way.

Basically Botnet is the term used for a group of infected computers with a malware named Bot. Bot derived from "robot" as Bots work automatically and act based on the commands of the owner.
When we speak about botnet we don't mean a network of few computer but we mean million of million computers spread around the globe. This type of malware (Bot) , designed in a way that after infecting the victim machine try to communicate with a command and controll server (C&C) which later attacker do the updates and attacks from that command and control center.

Infected computers also known as Zombie , always listening to the Command and control channel and waiting for new instruction. The botnet owner known as Botmaster which can change the setting of the bots or add new feature to them.

Botnets spread around with different methods such as social engineering, Trojans and they are also able to spread them self through the victim. For instance the bot send itself with a message to email list of the victim and due to the trust between victim and third party the chances that the third party open it is very high.

Botnets give different abilities to the botmaster which most of them used in aim of financial gain and criminal activities such as:

  1. Launching DDoS attacks  : The attacker rent the botnet to a third party instead of specific amount of money to do DDoS attack against a target address. Distributed Denial of Service (DDoS) attack is a type of attack which by doing a lot of request to a website or IP consume all of server or network resources which result in unavailability of service to legitimate users of that website. Availability is one of key concept of security which can be voided by DDoS attacks.
  2. Spamming :  Emails are equipped with spam filter which block the sender IP address. However if the spam sent from different addresses it can successfully bypass the spam filter.The botmaster will send spam behalf of a third party for advertising purposes by using all of his bot nodes.
  3. Sniffing : The bot can act as a sniffer program and sniff and record all of the victim network activities and send back to the attacker.
  4. Keylogging : The bot also can record victim keystroke and even filter them for specific fields like username and passwords.
  5. Spreading : The bot can send itself to other computers via emails, messaging applications and removable medias.
  6. Identity Theft : Attacker can make fake Identity cards based on information that he collected sooner or even can sell all these information in mass amount to criminals for the same purpose or spamming.
  7. Sharing illegal files: The botmaster can store and share illegal files such as cracked software and copyright material which in case the host got caught the owner of computer is responsible.
  8. Click jacking : Botmaster might rent the botnet to a second party which have a website with an advertise. Advertisers have kind of service named Pay Per Click (PPC) which do the payment to website owner for each unique click. The botnet can be used to click on these advertise and due to that fact each computer has its own IP so it seems legitimate and produce high revenue for the website owner.
  9. Changing online polls: The botnet might be hired by a third party to change the result of an online voting. Due to that fact in online polling systems each person with a unique IP only can vote once. A malicious entity might hire a botnet to change the result of voting by making fake votes from all bots.

Copyright Notice: This article is brought to you by . Feel free to use this article but please provide & Amir Sadeghian([email protected]) in your references list.Thank You.

No comments:

Post a Comment

Social Networks Sharing