A botnet is two or more bots coordinated to complete a particular objective. To explain, imagine one bot as one individual. Then imagine hundreds of thousands of individuals across the world directed not to use electricity at a particular instant. For that instant, the particular objective could be the absence of light or the conservation of energy. This could be a good or bad use depending on the length of the instant or the type of electricity restricted for that instant.
The objective of a botnet can be good or bad depending on the intent of the user. Google uses a botnet to index web pages. This is a good use. The end-user, the person visiting the web page or the search engine, has no control. The botnet is automated, meaning it performs its job without help from the user.
Infectors (I will use this general term to describe any kind of malicious software such as viruses and malware) are increasingly targeting personal information. Spammers and infector authors are combining their talents for highly profitable and illegal business dealings.
It is a very profitable and organized business to have thousands or hundreds of thousands of personal computers around the world simultaneously infected with the exact same malicious software program to form a botnet that can be remotely activated. These botnets can be used for many unsavory purposes.
The bot herder is the person who typically lures unsuspecting internet users to a website where the herder has installed malware, so that the malware can be forced onto the computers of visitors who arrived there because:
- of a spelling error when they typed a URL into their browser
- they clicked on a link directing them to the malicious website, in an email or on a webpage from a forger or an unknown sender, usually with a tempting subject
Bot herders can also use purchased spam lists to distribute the infectors on computers of unsuspecting victims. This is one of the reasons to limit the number of infections on your home computer. When there are enough remotely controlled computers, the bot herder can rent or sell the botnet. This botnet, the network of remotely controlled computers, can be used to:
- send spam
- send and install viruses, Trojans, or worms
- store and/or send pornographic images
- store and/or send copyrighted material
- store and/or send corporate secrets
- initiate denial of service attacks
- carry out any other mischief the cybercriminal can imagine with existing technology.
Unfortunately, the thousands upon thousands of home computer users whose machines are part of a botnet that produces a denial of service attack or sends out millions of spam messages are not only unaware that their computers are being used, but may also be liable in some geographic locations across the globe.
The Storm Worm botnet has millions of unsuspecting computers in its network as of the fourth quarter of 2007. This network is impressive not only because of its size and money-making potential; it also seems to be the first that can protect itself from a computer or network that is curious about its construction or capabilities by disabling the server, website, or internet connection used to examine it.
Botnets and any infector are all the more reason to practice cybercrime prevention by:
- maintaining current security fixes and patches of your operating system and all installed programs,
- installing and regularly using updated anti-virus and anti-spyware software,
- being careful about opening email from a stranger or a forger pretending to be someone you know.
This post is part of the series: How Computer Infectors and Spam Can Be Partners in Crime
This series focuses on how computer infectors and spam can compromise the safety and security of home computers.