What are Botnets?
The term is often used in conjunction with 'zombies' and 'enslaved computers' and paints a dystopian picture of the future in which remotely controlled computers rule the world.
The truth isn't too far from this. A botnet is a collection of computers that have been remotely hijacked, irrespective of their location, to create a network of 'zombie computers' controlled by hackers.
Botnets really started making their mark in the early 2000s when financially motivated attackers took notice of the large number of unprotected computers and equally large number of users turning a blind eye to security.
So why do hackers create botnets?
Today, botnets can be enormous and have accounted for cyber fraud activity that can be counted in billions of stolen dollars.
A botnet is the difference between having one computer to do a hacking mission and having 10,000 computers. A cyber crook has simply got so much more computing power at their fingertips to:
Attack other computers or to take down websites
Send spam or phishing emails to millions of email addresses
Deliver ransomware to hundreds of thousands of computers
Send spyware, Trojans and other types of malware
How are botnets created?
A hacker writes some malware code that, if it gets into your computer, allows it to be taken over remotely.
Criminals try to get the malware into your computer by exploiting flaws, such as browser plugin updates that you've ignored, or by placing malicious links on websites. You click and the malware downloads, but you might not be aware of it.
When the malicious code executes on your computer, it uses the internet to make contact with the control computer that operates the botnet, often called a command and control server. Your computer periodically checks for instructions from the command and control server.
Peer-to-peer botnets are used by cyber fraudsters to stop security researchers and authorities from identifying and stopping centralised command and control servers. To put it simply, in a peer-to-peer botnet the bots connect and communicate with each other in order to remove the need for a centralised server.
But even smart connected devices are now being exploited. Last year a piece of malware called Mirai (Japanese for future) was used to create an Internet of Things (IoT) botnet from connected cameras and digital video recorders.
Most known botnets
The GameOver Zeus botnet was one of the most powerful 'financial' botnets ever seen. Designed to steal online banking credentials, it is estimated to have infected almost 4 million PCs in the US alone. It is believed to be responsible for the theft of millions of dollars from businesses and consumers around the world.
The Simda botnet infected more than 770,000 computers in over 190 countries. It was active for years and distributed pirated software and different types of malware, including malware that stole financial credentials.
Storm ranged anywhere from 250,000 to 50 million computers. First detected in 2007, it got its name from one of its earliest spam messages, "230 dead as storm batters Europe", used as the subject line in emails that were hiding malware. Notable for being one of the first peer-to-peer botnets, it was known for enabling share price fraud and identity theft. Storm was partially shut down in 2008.
ZeroAccess controlled in excess of 1.9 million computers around the world. It split its focus on click fraud and bitcoin mining. The botnet was reported to be consuming enough energy to power 111,000 homes every single day from all its infected computers.
The Mirai botnet surfaced last year. It consisted of compromised smart devices and was used to launch the largest distributed denial of service attacks the world has ever seen. It took down some major websites including Netflix and Twitter.
Botnets for hire
The cybercriminals who operate the botnet will likely sell it or rent it out to be used by other fraudsters. At some point the botnet will be activated and used to launch some type of attack.
Botnets for rent are big business in the cyber fraud underworld and they are typically rented out for as little as £15 per hour.
Today, it's a fact that malware and botnet infrastructure dedicated to cyber-crime is a large commercial operation that's not going anywhere.
What damage do botnets do?
Distribute malware, ransomware or spyware to spy, steal and cheat people out of their personal and financial information, alongside blackmail
Send out spam emails to hundreds of thousands of email addresses, which have often been stolen from different organisations' servers
Launch distributed denial of service (DDoS) attacks on a website, companies or government agencies. The botnet is used to send so many requests for content that the server cannot cope and it essentially sinks under the weight of the requests
Botnets are used to generate fake clicks on ads so the fraudsters can make large amounts of money
Launch large phishing campaigns, for instance, emails that contain hidden malware
How to tell if your computer has been 'enslaved' into a botnet
There are some tell-tale signs that indicate your computer might have become a part of a botnet:
Your computer or internet connection is running slower than normal
Your computer behaves erratically, for instance it crashes often and you receive unexplained error messages
There is high network usage on your home network
Your browser closes frequently and unexpectedly
Sometimes your computer takes a long time to start or shutdown
How to avoid becoming a part of a botnet
Don't click on suspicious links - you don't know where they lead
Don't download attachments that you don't recognise or never requested
Use good antivirus and antispyware software
Do a full, in-depth scan with your antivirus to make sure everything on your computer is clean
Keep all your software up to date, especially your browser
What's the future of botnets... it's thingbots?
There are an estimated 2 billion personal computers in the world and botnet creators have certainly taken advantage of this by snaring millions of unsuspecting computer users.
But let's put this in perspective. The Internet of Things (IoT) is upon us. Everything from cars to home appliances, watches and even children's toys is being connected online. It is projected that by the year 2020, there will be more than 25 billion devices connected to the Internet.
Those numbers alone are enough to attract cybercriminals' attention, but what is more relevant is that these devices mean more data to steal, more systems to take over and more money to be made.
This rise of IoT will bring another evolution in malware in the form of thingbots. Thingbots are botnets composed of infected IoT devices. We've already seen the Mirai botnet and this is just the start.
Compromised IoT devices can be controlled to launch attacks, steal sensitive data or facilitate other malicious activities. We have already seen a few of these in the last couple of years.
What is alarming about IoT is the painful lack of security on many devices. It's an open invitation for cyber crooks and as such you can bet your latest smart device that thingbots will definitely become a thing.
Written by Steve Bell
Steve has a background in IT and business journalism and in the past has written extensively for both the UK national and trade press including The Guardian, Independent-on-Sunday, The Times, The Register, MicroScope and Computer Weekly.