Botnets: The Reality behind the Myth
Most computer users own both a desktop system and a mobile solution (notebook, ultra-mobile PC or even a palm-sized device running on a fully-fledged operating system) to complement the former.
While corporate and enterprise workstations are extremely well secured, protected and configured, most home computers run Microsoft’s Windows operating system (in various flavors) and usually lack firewalls or professional security measures. More than that, many of them have never been patched against OS vulnerabilities, which leaves them open to remote attackers.
The primary targets for attackers are home computers connected to the Internet via broadband links. Broadband connections allow attackers to install malware in shorter periods of time and, at the same time, allow remote hackers to transfer huge amounts of data to and from the infected machine. As most of the existing Internet Service Providers (ISPs) are offering broadband connections, it is no wonder that the botnet industry has been blooming during the last decade.
Botnets (also called “Zombie Networks”) are networks of compromised personal computers that can be controlled remotely to act as one, extremely powerful, system. In order to gain control over a machine, the attacker has to trick the user into installing a remote access tool (usually a Trojan horse with remote control capabilities). This kind of backdoor allows cyber-criminals to remotely access and control the infected computer, without users’ consent or interaction.
However, there is no use in controlling a single machine, even though a single infected computer is also good news for remote attackers, given that they can steal banking credentials or other sensitive data. That is why malware authors attempt to infect as many machines as possible and then join them in a single huge zombie network. Initially, the term “botnet” was largely used to define a multitude of computers running automated software able to perform miscellaneous tasks.
The situation has changed lately, as botnets started to represent a “herd” of infected PCs, also known as a “zombie army”. Although the user still has physical control of their computer and can turn it off or on at will, the person who actually takes advantage of the computing system is located remotely.
Once the bot has been stealthily installed by a third-party user located remotely, it acts as a relay to forward transmissions such as spam messages or viruses to other computers connected to the Internet. Each computer is referred to as a zombie or drone, because it serves the wishes of spam-senders or virus attackers. Both terms are mostly used by mass-media in order to add extra drama to the whole picture. Attackers usually control more than a single machine: they either control multiple systems located in the same network, or even the entire network.
The person who controls the infected computers is referred to as the botmaster or bot-herder. Botmasters can control the compromised machines regardless of their location: they can be located on a different network, in a different country or even on a different continent, as long as a connection to the Internet is available at the respective location. More than that, their location is anonymous, as the Internet infrastructure is conceived in such a manner as to allow that.
Bots are not always malicious. Although the term usually covers software running on compromised computers performing miscellaneous tasks that harm the user, bots can also be used for legitimate purposes. Search engines use bots that parse and index web pages, while most of the first-person shooters (Quake, Counter-Strike and so on) use them as artificial opponents for local gaming sessions. At the same time, botnets can prove to be extremely useful, as long as computers have become part of the network with users’ consent. One of the best examples of legitimate botnets is the SETI@Home project, a research initiative that uses home computers’ power in order to process huge amounts of data.
There are many other distributed computing networks that use home computers for research. Such networks deal with climate prediction, drug modeling and cancer tissue microarray analysis among others.
While the legitimacy of such distributed computing networks is undisputed, we will focus on botnets comprised of computers infected with malicious intent.

Copyright 2010. Site powered by BitDefender