You are here: : Botnets
Monday, April 14th, 2008
What is a Botnet?
A Botnet, or robot network, is a term used to describe a collection of computers that have been compromised by a worm or Trojan horse, allowing an attacker to remotely control the systems. The Storm botnet is estimated to be the most prevalent example, with different sources describing it’s size as anywhere from 100,00 to 1 million machines. Individual machines within a botnet are referred to as zombie computers because they are externally commanded to perform tasks without the owners consent. Victims are typically unaware that they are infected or that their system is being controlled remotely by a botnet administrator.
By stealing and coordinating the computing resources of thousands of zombies, cyber criminals can construct botnets that have the Internet bandwidth of a small country and the processing power of hundreds of supercomputers. Hi-jacked systems are used to perform various illegal tasks such as sending massive amounts of spam email or launching distributed denial-of-service attacks that can completely shutdown the networks of corporate or government targets. By some estimates, fifty to eighty percent of all spam is being sent from zombie computers. By using networks of zombies, rather than their own machines, cyber criminals can mask their identity and disguise the source of their illegal activity.
Why Would Someone Setup a Botnet?
For the most part, the enormous computing power of a botnet is used for personal financial gain. The cyber criminals running these robot networks rent out bandwidth to spammers advertising pornography, gambling, and prescription drug sites. They use the zombies with the fastest connections to setup mail servers, which rapidly distribute millions of emails across the Internet. Spammers pay botnet administrators to send messages containing advertisements and links to websites that in turn bring revenues back to the spammers.
Botnets reduce operating costs for spammers because they don’t have to pay an ISP for the bandwidth that is necessary to send out such an extreme volume of messages. Botnets also benefit spammers because legitimate ISPs will terminate their relationship with a client if they discover evidence of a mass-mailing enterprise. In this way, a botnet can be thought of as an illegal ISP that is comprised of the hijacked Internet connections of infected, zombie computers.
Parts of the botnet that are not on loan for spamming purposes are generally used to further the administrator’s interests. These include expanding the scope of their robot network as well as launching attacks on competitor botnets and law enforcement, anti-spam, and security groups that actively seek out and prosecute spammers and botnet administrators.
Worms are often used to propagate a zombie infection and increase the overall bandwidth and power of a robot network. The Storm botnet uses the Storm worm to infect and connect victims to its robot network. Contaminated systems will mail copies of the Storm worm to any email addresses that can be harvested from address books or archived emails. The messages sent from a victims machine contain either an infected attachment, or a link to a website which uses security loopholes such as Active X to automatically download malware.
Links and attachments are often packaged to appear harmless. Users should not be fooled by appearances, because clicking the wrong link or downloading the wrong attachment can lead to immediate infection. Attackers often use inviting advertisements and seemingly harmless messages to entice victims into visiting a site that will infect and connect their machine to a botnet. Once connected, their system becomes a node in an international network of illegal activity.
McAfee VirusScan Plus provides proactive protection that helps you avoid online attacks and protects what you and your family value from hackers, identity thieves and other online dangers. It halts malicious activity before it can target your identity, put your children at risk, and threaten your online safety. McAfee VirusScan Plus integrates sophisticated security technologies to prevent multi-pronged attacks.
- Stops Viruses. Automatically blocks, cleans and removes viruses so you can surf the Web safely. Cleans files, emails, internet downloads and instant messaging attachments, and prevents the spread of viruses to co-workers, friends and family.
- Blocks Spyware. McAfee also blocks spyware before it can install on your computer, and removes existing spyware. Secure your identity and privacy – while also keeping your PC from getting clogged with unnecessary programs and files.
- Always On, Always Protecting. 24/7 virus and threat protection from McAfee® Avert® Labs continuously monitors worldwide virus activities and provides rapid anti-virus protection and removal solutions.
- Always Upgrading, Always Updating. Daily updates are installed automatically. When new versions are available, you get them automatically at no charge, ensuring that you always have up-to-date protection.
Special Limited Time Offer: Download McAfee VirusScan Plus 2008 – Only $19.95!
While you may have remained untouched in the past, in reality, without advanced security, you’re leaving everything right out in the open! So why risk exposing your credit card information, email address book or the general health of your PC for even one more day? Download the protection you need with McAfee VirusScan, an easy-to-use antivirus solution providing advanced protection from viruses, worms, Trojans and more. Learn more about McAfee Virus Protection Software.