The Internet is filled with threats to online security. Many of these threats are just productive, positive technologies turned to evil use. A botnet is a collection of internet-connected devices, which may include PCs, servers, mobile devices and Internet of Things devices, that are infected and controlled by a common type of malware. A botnet, i.e. a bot network (also known as a zombie army), is a network made up of many computers. Originally, botnets were created as a tool with valid purposes in Internet relay chat (IRC) channels.
Bot managers accept commands from the master, spread those commands out to the bots and report the number of infected systems under their jurisdiction. Manager bots have also been found sending updated software to fix bugs or improve functionality, very similar to a security patch management system. Usually botnets are designed for a specific operating system; if a wider spread must be achieved, botnet authors prefer web code or Java so that every operating system platform can be infected. Every bot is given a unique identification number, usually derived from the infected system’s configuration and location but not necessarily from its IP address. The main purpose behind injecting a botnet into a system is to create an army of infected systems, also called zombie machines.
How botnets work
Malicious actors build botnets by infecting connected devices with malware and then managing them using a command and control server. Botnet architecture has evolved over time. A central command and control server lets the bot herder (the person controlling the botnet) perform all control from a remote location, which obfuscates their traffic. Many recent botnets now rely on existing peer-to-peer networks to communicate. Once bot malware runs on a computer, it has as much access to the computer’s resources as its owner. Bots can then read and write files, execute programs, intercept keystrokes, access the camera, send emails, etc., without the owner’s involvement.
The traditional client/server approach involves setting up a command-and-control (C&C) server and sending automated commands to infected botnet clients through a communications protocol, such as Internet relay chat (IRC).
The peer-to-peer approach is more common today, as cybercriminals and hacker groups try to avoid detection by cybersecurity vendors and law enforcement agencies, which have often used C&C communications to monitor for, locate and disrupt botnet operations. As the never-ending growth of the Internet of Things brings more devices online, cybercriminals have greater opportunities to grow their botnets, and with them the level of impact. Tor is an encrypted network designed to be as anonymous as possible, so a bot that connects to a hidden service inside the Tor network would be hard to disrupt.
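The paragraphs above note that defenders use C&C communications to monitor for and locate botnet operations. The following added example (not code from the original post or any of its sources) shows one simple version of that monitoring: it reads constructed connection-log lines and flags flows that repeat at a clockwork interval (beaconing) and external hosts that several internal machines contact on the same port (one C&C server serving many bots). The log format, IP addresses and thresholds are assumptions made for the example; the IRC port 6667 is used only because the post mentions IRC as a classic C&C channel.

```python
"""Flag hosts whose outbound connections look like periodic C&C beaconing.

Added example, not from the original post. The log lines are constructed;
the field layout (ISO timestamp, src IP, dst IP, dst port) is an assumption,
not any particular product's format.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log: "ISO-timestamp src_ip dst_ip dst_port"
SAMPLE_LOG = """\
2019-05-01T10:00:00 10.0.0.5 203.0.113.9 6667
2019-05-01T10:05:00 10.0.0.5 203.0.113.9 6667
2019-05-01T10:10:01 10.0.0.5 203.0.113.9 6667
2019-05-01T10:15:00 10.0.0.5 203.0.113.9 6667
2019-05-01T10:20:00 10.0.0.5 203.0.113.9 6667
2019-05-01T10:00:12 10.0.0.7 198.51.100.20 443
2019-05-01T10:03:47 10.0.0.7 198.51.100.20 443
2019-05-01T10:31:05 10.0.0.7 198.51.100.20 443
2019-05-01T10:02:00 10.0.0.9 203.0.113.9 6667
2019-05-01T10:07:00 10.0.0.9 203.0.113.9 6667
2019-05-01T10:12:00 10.0.0.9 203.0.113.9 6667
2019-05-01T10:17:00 10.0.0.9 203.0.113.9 6667
"""


def parse_log(text):
    """Group connection timestamps by (src, dst, port), sorted in time order."""
    flows = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port = line.split()
        flows[(src, dst, int(port))].append(datetime.fromisoformat(ts))
    for key in flows:
        flows[key].sort()
    return flows


def beacon_score(timestamps):
    """Return (mean gap in seconds, jitter ratio) for sorted timestamps.

    jitter ratio = stddev / mean of the gaps; near zero means the
    connections recur at a near-constant interval, as a beacon does.
    """
    gaps = [(b - a).total_seconds() for a, b in zip(timestamps, timestamps[1:])]
    if len(gaps) < 2:
        return None
    m = mean(gaps)
    if m == 0:
        return None
    return m, pstdev(gaps) / m


def find_beacons(text, min_connections=4, max_jitter=0.1):
    """Return flows that repeat at a near-constant interval (assumed thresholds)."""
    hits = []
    for (src, dst, port), stamps in parse_log(text).items():
        if len(stamps) < min_connections:
            continue
        score = beacon_score(stamps)
        if score and score[1] <= max_jitter:
            hits.append({"src": src, "dst": dst, "port": port,
                         "interval_s": round(score[0]),
                         "jitter": round(score[1], 3)})
    return hits


def shared_destinations(text, min_sources=2):
    """External (dst, port) pairs contacted by several internal hosts:
    a single server that many machines talk to is a C&C candidate."""
    by_dst = defaultdict(set)
    for (src, dst, port) in parse_log(text):
        by_dst[(dst, port)].add(src)
    return {k: sorted(v) for k, v in by_dst.items() if len(v) >= min_sources}


if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        print("beacon candidate:", hit)
    print("shared C&C candidates:", shared_destinations(SAMPLE_LOG))
```

On the constructed log, 10.0.0.5 and 10.0.0.9 both check in with 203.0.113.9 every five minutes and are flagged, while 10.0.0.7's irregular HTTPS traffic is not; the shared-destination check then ties the two beaconing hosts to the same server. In practice the thresholds need tuning per network, since legitimate software (update checks, monitoring agents) also beacons, so such hits are leads for an analyst, not verdicts.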
Common tasks executed by botnets include:
- Using your machine’s power to assist in distributed denial-of-service (DDoS) attacks to shut down websites.
- Emailing spam out to millions of Internet users.
- Generating fake Internet traffic on a third-party website for financial gain.
- Replacing banner ads in your web browser specifically targeted at you.
- Pop-up ads designed to get you to pay for removal of the botnet through a phony anti-spyware package.
The short answer is that a botnet is hijacking your computer to do what botnets do — carry out mundane tasks — faster and better.
The client-server model
The client-server model puts the botmaster at the center of the botnet. The botmaster uses command and control software to transmit messages to each of the clients, so every bot receives its instructions from a single location. Detection can be difficult because bots can be programmed to remain dormant in order to avoid suspicion. That single location is also the model's weakness: once law enforcement locates the command and control server, it can seize it and destroy the botnet. Even so, client-server models are still used for lesser tasks such as social media blasts and small-scale ad fraud.
The peer-to-peer model
In this system, each infected machine communicates directly with a few others on the network, and those few others are connected to a few more, who are connected to even more, until the whole system is strung together. The peer-to-peer model fixes the Achilles heel of the client-server model: all of the bots connect directly with each other, avoiding the need for a central communication system.
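The two sections above contrast the central point of failure in the client-server model with the resilience of the peer-to-peer model. The following added example (not code from the original post) makes that contrast concrete: it builds a tiny star-shaped botnet and a tiny peer-to-peer botnet as graphs, takes one node down, and counts how many bots a command can still reach. The node names, sizes and the ring-with-extra-links layout of the peer-to-peer graph are assumptions chosen for the illustration, not a model of any real botnet.

```python
"""Compare how a client-server and a peer-to-peer botnet survive losing a node.

Added example, not from the original post. Topologies are constructed toy
graphs; node names ("c2", "bot0", ...) are assumptions.
"""
from collections import deque


def client_server(num_bots):
    """Star topology: every bot talks only to the single C&C server."""
    edges = {"c2": set()}
    for i in range(num_bots):
        bot = f"bot{i}"
        edges["c2"].add(bot)
        edges.setdefault(bot, set()).add("c2")
    return edges


def peer_to_peer(num_bots, degree=3):
    """Each bot links to the next `degree` bots around a ring, so a command
    injected at any peer can propagate to every other peer."""
    edges = {f"bot{i}": set() for i in range(num_bots)}
    for i in range(num_bots):
        for k in range(1, degree + 1):
            j = (i + k) % num_bots
            edges[f"bot{i}"].add(f"bot{j}")
            edges[f"bot{j}"].add(f"bot{i}")
    return edges


def reachable(edges, start):
    """Breadth-first search: the set of nodes a command injected at `start` reaches."""
    if start not in edges:
        return set()
    seen = {start}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        for nxt in edges[node]:
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def remove_node(edges, victim):
    """Copy of the graph with `victim` taken down (server seized or host cleaned)."""
    return {n: {m for m in nbrs if m != victim}
            for n, nbrs in edges.items() if n != victim}


def bots_still_controlled(edges, entry):
    """Number of bots still commandable when the herder injects from `entry`."""
    return len([n for n in reachable(edges, entry) if n.startswith("bot")])


def takedown_comparison(num_bots=12):
    """Bots controllable before and after one takedown in each topology."""
    cs = client_server(num_bots)
    p2p = peer_to_peer(num_bots)
    return {
        "client_server_before": bots_still_controlled(cs, "c2"),
        "client_server_after_c2_seized": bots_still_controlled(remove_node(cs, "c2"), "c2"),
        "p2p_before": bots_still_controlled(p2p, "bot0"),
        "p2p_after_bot0_cleaned": bots_still_controlled(remove_node(p2p, "bot0"), "bot1"),
    }


if __name__ == "__main__":
    for name, count in takedown_comparison().items():
        print(f"{name}: {count}")
```

With twelve bots, seizing the C&C server drops the client-server botnet from twelve controllable bots to zero, whereas cleaning one peer in the peer-to-peer botnet leaves the other eleven fully connected. This is why disrupting a peer-to-peer botnet is a matter of cleaning or sinkholing many peers rather than finding one server.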
Zeus, also known as Zbot, is a malware toolkit that allows a cybercriminal to build his own Trojan horse. First detected in 2007, the Zeus Trojan has become one of the most successful pieces of botnet software in the world. It creates a botnet, a network of corrupted machines that are covertly controlled by a command and control server under the control of the malware’s owner. It harvests banking logins through website monitoring and keylogging: the malware recognizes when the user is on a banking website and records the keystrokes used to log in.
The Kraken botnet is believed by many to be the single biggest zombie network. The botnet has infected an estimated 318,058 machines, about half as many as the original Kraken had at its height in the middle of 2008, when it included machines in one in ten Fortune 500 companies and sent billions of spam emails daily.
Mirai is malware that infects smart devices, turning them into a network of remotely controlled bots or zombies. In September 2016, the authors of the Mirai malware launched massive distributed denial-of-service (DDoS) attacks on well-known, high-profile services such as OVH, Dyn and Krebs on Security; these attacks pushed traffic to 1 Tbps. The malware is built for multiple CPU architectures (x86, ARM, SPARC, PowerPC, Motorola) to cover the various CPUs deployed in IoT devices. Mirai enslaves poorly secured Internet of Things (IoT) devices such as security cameras, digital video recorders (DVRs) and routers for use in large-scale online attacks.
With more IoT devices, from wearables and pacemakers to thermometers and smart plugs, on the market and in the home, cybercriminals are keen to leverage them in attacks. This heightened interest is due to the vulnerabilities in many IoT devices, not to mention their ability to connect to each other, which can form an IoT botnet. Some IoT devices have already been used to facilitate botnet attacks, such as an IoT thermometer and home Wi-Fi routers.
How to prevent attacks from botnets
- Keep work and home computers or laptops regularly updated with patches and antivirus software.
- Use the latest browser versions.
- Users should be trained to refrain from activity that puts them at risk, such as opening emails or messages, downloading attachments, or clicking links from untrusted or unfamiliar sources.
- If you already have antivirus and antispyware software, check to see if they are activated, patched and up to date.
- Real-time information sharing.
Today the great challenge faced by cyber security researchers is the botnet. A botnet itself is not malware, but it can host malicious activities like DDoS attacks, click fraud, phishing attacks etc., simply by transmitting commands or scripts through the C&C channel to the bots. I hope this blog will create awareness about botnets and pave the way for more research in the field of cyber security.