Botnet is a jargon term for a collection of software robots, or "bots," that run autonomously and automatically. The term is often associated with malicious software but it can also refer to the network of computers using distributed computing software.

Zombie Computers and Botnets

While the term "botnet" can be used to refer to any group of bots, the word generally refers to a collection of compromised computers (called zombie computers) running software, usually installed via worms, Trojan horses, or backdoors, under a common command-and-control infrastructure.

How it works

A botnet's originator (also known as a "bot herder," typically a spammer) can control the group remotely, usually for nefarious purposes.

Many of the new and more experienced botnet operators program their command protocols from scratch. These protocols consist of a server program, a client program for operation, and the program that embeds itself on the victim's machine (the "bot"). All three usually communicate with each other over a network using a unique encryption scheme, both for stealth and for protection against detection of, or intrusion into, the botnet network.

Automatically Scan and Propagate

A bot typically runs hidden. Generally, the perpetrator of the botnet has compromised a series of systems using various tools (exploits, buffer overflows, as well as others). Newer bots can automatically scan their environment and propagate themselves using vulnerabilities and weak passwords.

Generally, the more vulnerabilities a bot can scan and propagate through, the more valuable it becomes to a botnet controller community. The process of stealing computing resources as a result of a system being joined to a "botnet" is sometimes referred to as "scrumping."
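
From the defender's side, the scan-and-propagate behaviour described above shows up in authentication logs as one internal host failing logins against many different machines in a short time. The Python example below is added here and is not part of the original article; the log format, addresses, function name and thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records: "ISO-time source destination service result".
SAMPLE_LOG = """\
2024-01-01T10:00:00 10.0.0.5 10.0.0.20 ssh FAIL
2024-01-01T10:00:05 10.0.0.9 10.0.0.30 ssh FAIL
2024-01-01T10:00:10 10.0.0.5 10.0.0.21 ssh FAIL
2024-01-01T10:00:12 10.0.0.9 10.0.0.30 ssh FAIL
2024-01-01T10:00:20 10.0.0.5 10.0.0.22 smb FAIL
2024-01-01T10:00:25 10.0.0.9 10.0.0.30 ssh OK
2024-01-01T10:00:30 10.0.0.5 10.0.0.23 smb FAIL
2024-01-01T10:00:40 10.0.0.5 10.0.0.24 ssh FAIL
2024-01-01T11:00:00 10.0.0.7 10.0.0.20 ssh FAIL
2024-01-01T12:00:00 10.0.0.7 10.0.0.21 ssh FAIL
2024-01-01T13:00:00 10.0.0.7 10.0.0.22 ssh FAIL
2024-01-01T14:00:00 10.0.0.7 10.0.0.23 ssh FAIL
"""

def parse(line):
    ts, src, dst, service, result = line.split()
    return datetime.fromisoformat(ts), src, dst, service, result

def find_spreading_hosts(log_text, window_seconds=60, min_targets=4):
    """Return {source: peak count of distinct hosts it failed to log in to
    within one sliding window} for sources reaching min_targets."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # source -> (time, destination) of failures
    flagged = {}
    events = sorted(parse(l) for l in log_text.splitlines() if l.strip())
    for ts, src, dst, _service, result in events:
        if result != "FAIL":
            continue
        q = recent[src]
        q.append((ts, dst))
        while q and ts - q[0][0] > window:  # drop failures older than window
            q.popleft()
        distinct = len({d for _, d in q})
        # Repeated failures against ONE host (a mistyped password) stay at 1;
        # fan-out across many hosts is the propagation signal.
        if distinct >= min_targets:
            flagged[src] = max(flagged.get(src, 0), distinct)
    return flagged

if __name__ == "__main__":
    print(find_spreading_hosts(SAMPLE_LOG))
```

Counting distinct destinations rather than raw failures keeps a user who mistypes a password on one server (10.0.0.9 in the sample) from being flagged, and the time window excludes slow, unrelated failures such as those from 10.0.0.7.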

Internet Pandemic

Several botnets have been found and removed from the Internet. The Dutch police found a 1.4 million-node botnet and the Norwegian ISP Telenor disbanded a 10,000-node botnet. Large coordinated international efforts to shut down botnets have also been initiated. It has been estimated that up to one quarter of all personal computers connected to the Internet may be part of a botnet.

This document is licensed under the GNU Free Documentation License (GFDL), which means that you can copy and modify it as long as the entire work (including additions) remains under this license.
