
Virtual Entities Spreading Real Troubles - Botnets

Date: 08/27/2008
Author: Bogdan Botezatu

Now that we have seen what bots are able to do as individual entities, let’s look in detail at what they can do as a united army of computers scattered across all the geographic and political regions of the globe.

In short, botnets are extremely appealing infrastructures, mostly because of their tremendous computing power, distributed simultaneously across millions of machines. Recent estimates claim that a medium- or large-sized botnet is able to provide more computing power than the most powerful supercomputer on Earth.

The most powerful supercomputer to date is the BlueGene/P, a system developed by IBM in collaboration with the US Government. It can deliver a computing power of 1 PFLOPS sustained and 3 PFLOPS peak.

The larger the botnet, the more computing power there is available to an attacker. The entire processing power can be used to perform miscellaneous tasks, not only for free, but also safe from the “poking nose” of legal authorities.

Despite the fact that such infrastructures are usually created by criminally-motivated persons, botnets are mere tools that can be used for a multitude of purposes. However, none of their uses is legal; on the contrary, the vast majority of botnets are created and exploited in such a way as to damage both computers and their users. There are about 10 different uses for botnets that are currently known to security analysts, but given the fact that a botnet is ultimately a tool, there may be other methods of exploiting the zombie computers.

While the first computer viruses were mere pranks created by programmers in order to show off, botnets are a serious threat to the security of the entire Internet. The increased pace at which most personal computers turn into zombie systems forced governments and legal institutions into taking measures against the botnet human operators. 


Distributed Denial-of-Service attacks are one of the most frequently-encountered uses for botnets. This type of attack targets computer systems or networks and renders the users’ network connection useless by consuming all their allocated bandwidth or computational resources. DDoS attacks can also be used commercially, against rival corporations, for instance. Repeated queries on the company’s web server would ultimately take it offline, thus causing extensive damage to the victim company’s business. One of the toughest DDoS attacks was carried out in 2002 against the Internet's root servers, which highlighted the fact that the Internet’s infrastructure is highly vulnerable to simple hacking attacks.


Spamming is another use for botnets. After having established a connection with the zombie machine, the persons behind the botnet can perform tasks such as spamming. An attacker is thus able to send impressive amounts of bulk email (also known as spam) through any of the zombie computers that are linked as part of the botnet. The latest versions of bots are also able to harvest e-mail addresses, which can result in your address being used as the sender.


Sniffing traffic refers to an action that intercepts clear-text passwords sent from your computer to other websites. The bots installed on the users’ machines would grab the username and password, and then communicate them to the bot-master. This way, your bank account can be accessed by illegitimate parties, who can perform transfers and shop at your expense.


Keylogging is much worse than sniffing traffic, although the results are somewhat the same. However, while packet sniffers would only be able to intercept clear-text information sent between your computer and the destination machine, key-logging bots can intercept any key the user presses. All the collected data (such as typed e-mail content or messenger conversations) are then sent to the bot-master for evaluating the amount of sensitive information (bank accounts, PayPal accounts etc.).

Spreading new malware applications is also a common task for botnets. The already-installed bots on the zombie computer can perform additional operations, such as downloading and installing other bots, or even sending malware-infected e-mail messages in an attempt at taking over more and more computers. A botnet of “only” 10,000 machines can serve as a start base for a much larger one.


Making money out of advertisement is one of the oldest purposes for botnets. This way, the bot-master can receive money for the ad clicks originating from the infected machines via advertisement add-ons and Browser Helper Objects (BHOs). The bot-master sets up a fake website, and then negotiates with some companies offering pay-per-click ads. The bots on the users’ machines would be instructed to automate the clicks on the pop-ups, a process that can be made easier if the bot hijacks your browser’s start page.


Google AdSense abuse is similar to the previous use of botnets, and would help the attacker to increase the AdSense revenue. One of the most important attacks of this kind was carried out by some botmasters using the Clickbot.A automaton, a software application that would click on the ads displayed on a specific website (managed by the botmasters themselves). This way, the botmaster controlling the bots would perform illegal clicks on Google’s displayed ads in order to boost revenue. According to the reports issued by Google, there were over 100,000 machines involved in the scam without their users knowing it.

Attacking other communication infrastructures, such as IRC chat networks, is extremely common and uses the so-called “clone-attack”: the bot-master instructs each bot to connect a large number of clones to the victim IRC network, which would have a similar result to the DDoS attack, namely bringing the network down. Clones are multiple instances of the same bot running on a single machine.
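A defender-side view of the clone attack described above, as an added example that is not part of the original article: counting concurrent sessions per source address exposes hosts running many clones, and a per-address session cap refuses the excess. The event tuples, the cap of 2 and the function names are assumptions made for the illustration.

```python
from collections import defaultdict

# Constructed sample events, not taken from a real server log:
# (seconds, action, source_ip, nick)
EVENTS = [
    (0, "connect", "198.51.100.7", "alice"),
    (1, "connect", "203.0.113.20", "xk1"),
    (1, "connect", "203.0.113.20", "xk2"),
    (2, "connect", "203.0.113.20", "xk3"),
    (2, "connect", "192.0.2.44", "bob"),
    (3, "connect", "203.0.113.20", "xk4"),
    (3, "quit", "198.51.100.7", "alice"),
    (4, "connect", "203.0.113.21", "qz1"),
    (4, "connect", "203.0.113.21", "qz2"),
    (5, "connect", "203.0.113.21", "qz3"),
    (6, "connect", "192.0.2.44", "bob_phone"),
]

def find_clone_sources(events, max_sessions_per_ip=2):
    """Return {ip: peak concurrent sessions} for sources above the limit."""
    open_sessions = defaultdict(set)  # ip -> nicks currently connected
    peak = defaultdict(int)
    for _ts, action, ip, nick in sorted(events, key=lambda e: e[0]):
        if action == "connect":
            open_sessions[ip].add(nick)
            peak[ip] = max(peak[ip], len(open_sessions[ip]))
        elif action == "quit":
            open_sessions[ip].discard(nick)
    return {ip: n for ip, n in peak.items() if n > max_sessions_per_ip}

def enforce_session_cap(events, max_sessions_per_ip=2):
    """Replay the events with a per-address cap; return refused (ip, nick)."""
    open_sessions = defaultdict(set)
    refused = []
    for _ts, action, ip, nick in sorted(events, key=lambda e: e[0]):
        if action == "connect":
            if len(open_sessions[ip]) >= max_sessions_per_ip:
                refused.append((ip, nick))  # clone beyond the cap
            else:
                open_sessions[ip].add(nick)
        elif action == "quit":
            open_sessions[ip].discard(nick)
    return refused

if __name__ == "__main__":
    print("clone sources:", find_clone_sources(EVENTS))
    print("refused:", enforce_session_cap(EVENTS))
```

The cap has to leave room for legitimate users who share one address, which is why the constructed data includes a user with two devices who stays under the limit.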

Mass identity theft is the most dangerous type of attack involving zombie-computers. Your computer starts sending bogus e-mails, known as phishing messages, that pretend to come from legitimate sources, such as banks or respectable websites, and ask users to go online and disclose their private information. However, they are directed to carefully-crafted clones of the legit website. Upon login, the users’ credentials are stolen and added into a database, which can either be exploited by the botmaster, or sold to another party. No matter the exploitation form, it is extremely damaging to the users’ balance and credit.

Manipulating online games and polls is another illegal use for botnets. As the Internet is gaining more and more ground, multiple social and economic services move into cyberspace. This is the case with betting websites and online gaming contests. Manipulating polls and games has never been easier, since they usually prevent the user from voting more than once by logging their IP address once they have expressed their preference / opinion. However, since every zombie computer has a distinct (unique) IP address, botmasters can vote multiple times on the account of each infected machine under their command.
