BOTNET

BOTNET

INTRODUCTION

A botnet is a collection of internetconnected programs communicating with other similar programs in order to perform tasks.

This can be as mundane as keeping control of an IRC channel, or it could be used to send spam email or participate in DDoS attacks. The word botnet stems from the two words robot and network.

Once your computer is under the control of a botnet, it may be used to spam others, host phishing sites and other illicit files, infect or attack others, or have adware and spyware foisted on it so the attackers can collect from various affiliate advertising programs.

What Do Botnets Do?

It's all about the money. Viruses, worms, and Trojans have evolved far beyond the childish pranks of yesteryear. Today's attackers are serious criminals -- in it for the money -- and your system spells international currency.

Will Antivirus Software Protect My Computer From Bots?

To ensure the greatest chance of survival, malware authors routinely submit their creations to online scanners.

They repeat this process over and over again, until they've successfully created a virus, worm, or Trojan that the scanner won't detect. And that's the one they'll use to attack your system.

What Are the Most Common Botnets?

Botnets are used for everything from delivering spam and phishing attacks, to distributed denial-of-service attacks.

Most botnets sell "space" or "services" on the botnet to bidders who may then deliver additional malware or use it for additional malicious purposes. These botnets-for-hire make it difficult to define what any specific botnet is intended to do, as that intent may change depending on the bidder.

Common botnets include the following:

Asprox Botnet Gumblar Botnet Koobface Botnet Mariposa Botnet Storm Botnet Waledec Botnet Zeus Botnet

Legal botnets

The term bot net is widely used when several IRC bots have been linked and may possibly set channel modes on other bots and users while keeping IRC channels free from unwanted users.

This is where the term is originally from, since the first illegal botnets were similar to legal botnets. A common bot used to set up botnets on irc is eggdrop.

Illegal botnets

Botnets sometimes comprise computers whose security defenses have been breached and control ceded to a 3rd party. Each such compromised device, known as a "bot", is created when a computer is penetrated by software from a malware (malicious software) distribution.

The controller of a botnet is able to direct the activities of these compromised computers through communication channels formed by standards-based network protocols such as IRC (Internet Relay Chat) and HTTP (Hypertext Transfer Protocol).

Recruitment

Computers can be co-opted into a botnet when they execute malicious software.

This can be accomplished by luring users into making a drive-by download, exploiting web browser vulnerabilities, or by tricking the user into running a Trojan horse program, which may come from an email attachment. This malware will typically install modules that allow the computer to be commanded and controlled by the botnet's operator. Depending on how it is written, a Trojan may then delete itself, or may remain present to update and maintain the modules.

Organization

While botnets are often named after the malware that created them, multiple botnets typically use the same malware, but are operated by different entities.

The term "botnet" can be used to refer to any group of computers, such as IRC bots, but the term is generally used to refer to a collection of computers (called zombie computers) that have been recruited by running malicious software.

How a botnet works

A botnet operator sends out viruses or worms, infecting ordinary users' computers, whose payload is a malicious applicationthe bot. The bot on the infected PC logs into a particular C&C server. A spammer purchases the services of the botnet from the operator.

The spammer provides the spam messages to the operator, who instructs the compromised machines via the control panel on the web server, causing them to send out spam messages.

Types of attacks
In distributed denial-of-service attacks Adware Spyware E-mail spam Click fraud Fast flux Scareware

REFRENCES

Wikipedi a

Quarries