Botnets

A botnet refers to an association of networked computers, which are under the control of a so-called botmaster and which, without the knowledge or consent of the owners of the individual computers, can be remotely controlled by the botmaster. The infected computers are referred to as zombies.

 

The botmaster can use the captured victim computers under his control for a multitude of different purposes. As he has access to the individual computers, as if he was sitting physically in front of the particular system, both access to the data stored on each system and the unnoticed use of each computer's network connection are possible.

 

A multitude of options arise from this. Alongside data theft, access to the captured computers also permits concealment of the identity of the attacker in that the victim computers (bots) are used as a proxy. Depending on the size of the botnet, the perpetrator can, in extreme cases, change his IP address almost every second and use the network connection of the victim to start further illegal actions. In addition, the remote-controlled computers are also suitable for spreading of bot malware or for the mass transmission of spam.

 

When one considers the size of typical botnets, which can vary from a few hundred up to several hundred thousand infected machines, a further application of the botnet armies is revealed, namely their use as a weapon to launch a so-called DDoS attack (Distributed Denial of Service). Here, "unloved" web or mail servers are overwhelmed by mass queries. With an appropriate number of zombies, a worst case scenario will result in the server being driven out of service due to its being overloaded. This opens the floodgates to criminal activities such as blackmail.

 

Another popular element, is the use of zombie computers as web or FTP servers. This can serve different purposes. On the one hand, the provision of infected websites for the purpose of providing further information, or on the other hand use of the systems of unsuspecting victims for the storage of pornography, pirate copies, etc.

 

The administration and coordination of the zombie computers, which may be spread all over the world, can be carried out in various ways. While the first botnets still used central command and control servers, decentralised communication structures are now preferred, which are similar to the P2P networks known through file sharing. This factor makes it much harder to shut down a botnet, as there is no central server to be shut down, which could disrupt the entire network. Instead, all zombies communicate directly with each other, which gives the botnet much greater stability.

 

Botnets can recruit new zombies in various ways. Alongside propagation using infected emails, popular websites taken over by hackers can also contribute to the growth of a botnet by using security loopholes in operating systems or in application software and thus effect quasi "drive-by infection". Just one visit to a website infected with malware is sufficient for infection to occur.

 

Botnets have developed into one of the internet's largest illegal sources of income. On the one hand through the sheer mass of data yielded by the victim computers, on the other through the rental of botnet capacity to third parties on an hourly or monthly basis or at fixed prices, e.g. based on the number of spam mails sent via the botnet.