Botnets
Written by weebit
Friday, 14 August 2009 02:05
Botnets are computers that are controlled remotely. In late 1999, SANS Institute researchers noticed remote executable code on thousands of Windows computers. They also found that the code was encrypted, and at that time they were not able to find out exactly what the code was used for. In February of 2000 the controlled computers launched a DDoS attack. Many online sites, like eBay, were attacked and lost their Internet connection, or had major slowdowns off and on for a week while trying to defend themselves against the attack. Amazon was also attacked that week, along with other high-profile business websites.

In the beginning, the computers that were infected with the code were called robots. A while later they were called bots, and today they are called botnets, or zombies. These zombie computers became part of the botnet through a drive-by download that was installed by exploiting back doors, Web browser vulnerabilities, worms, and even Trojan horses.

In the beginning the code was used maliciously to play with online business websites. The so-called sport was who could create the most damage the fastest, control the most bots or zombie computers, or wreak the most havoc on the Internet; or who could bring down the most famous websites, manage the fastest takedown, or cause the most monetary damage. It was simply a game.

Botnets are controlled by a botmaster (a person) who can reside on his or her own server, or sit idle on a chat server (IRC), an instant messenger, or even a social network website like Twitter. The botmaster has software into which commands are simply typed and then sent remotely to the bots (zombies or botnets). A command could be as subtle as finding out how many computers (bots) they control, or as malicious as ordering a DDoS attack or sending spam. Unfortunately, today's botnets are mostly about money. Payload.
Generally there are only a few different types of botnet code scripts, but there can be thousands of botmasters using different versions of the same scripts. Some of these scripts attack, others gather personal information they find online in order to sell it, some send spam, and others store or send out offensive or illegal material. Many others sit waiting for months (sleep) before the security vendors find out what the botnets have in store for the Internet, or for the compromised computers. They can control a couple hundred computers, or a thousand, or many thousands. Thus today there are over fourteen million zombie computers online, and the sad part is that most of their owners have no clue their computer is a zombie. The other sad part is this: I always tell my newbies that "for every bad script or person you meet online, there is always another lurking and waiting that you never see until the time is right". So add at least a half million to a million botnets to the mix, because many haven't even been found yet.

The biggest threat of all with botnets is the fact that they could be running on any type of computer on the Internet. It is not just the normal everyday computer user that could be infected; servers and businesses could be infected too. Besides creating havoc on the Internet for everyone, botnets can also create havoc on the zombie computer. They slow the computer down, and they send out illegal material that could get the owner of the zombie in trouble from a legal standpoint. Zombie computers can be shut down by ISPs that realize that the user's computer is part of a botnet. Their owners are also at risk of losing important data, because some of these botnets have built-in kill switches. This basically means that the botmaster only has to type in a command called a KOS (kill operating system) and the zombie computer is dead, and the owner has no clue what happened. Thousands of computers are now dead.
There are people online who don't update their Windows regularly, don't use anti-virus software, and don't do regular checks for spyware, adware, Trojans, etc. Plus, they don't even know if their firewall is working or not, or even if they have one. They helped make botnets one of the leading threats online. They helped put botnets in the history books and keep spam alive. Don't you just want to slap 'em? Or did you happen to inch down in your chair a little because you are maybe one of them?

The future of botnets is very unpredictable, or is it? I see a day when a business wreaks damage on its rival using a botnet. I also see a day of unrelenting havoc on the Internet, just because of the sheer number of computers infected with botnets (fourteen million zombie computers and counting). It will affect everyone on the Internet. It will be the "Internet Storm of the Century". It's coming sooner than you think.

======================================================
Here are some good resources and news reports
======================================================

The Honeynet Project
http://www.honeynet.org/node/61

Botnets pushing up spam loads
http://www.v3.co.uk/v3/news/2245041/botnets-pushing-spam-loads

Botnet Uses Twitter to Control It
http://www.pcmag.com/article2/0,2817,2351590,00.asp

Small botnet being controlled via Twitter
http://www.neoseeker.com/news/11561-small-botnet-being-controlled-via-twitter-/

More tips on detecting botnet infestation
http://www.networkworld.com/newsletters/techexec/2009/082409bestpractices.html?hpg1=bn

Botnets generate million-dollar revenues for Cybercriminals
http://www.securitypark.co.uk/security_article263497.html

Spam Volumes Up 141 Percent, Aided By Botnets
http://www.pcmag.com/article2/0,2817,2350918,00.asp

A botmaster recently hit the kill switch (kos—or "kill operating system") for some reason, taking down 100,000 infected computers with it.
http://voices.washingtonpost.com/securityfix/2009/05/zeustracker_and_the_nuclear_op.html

Storm Botnet Cleaning Method Revealed

======================================================
Botnet cleaner
======================================================

GMER
Panda antirootkit

=====================================================
Online Anti-virus scanners (not in any type of order)
=====================================================

http://housecall.trendmicro.com/housecall/start_corp.asp
http://www.kaspersky.com/remoteviruschk.html
http://www3.ca.com/virusinfo/virusscan.aspx
http://security.symantec.com/sscv6/default.asp
http://www.pandasoftware.com/activescan/activescan.asp
http://us.mcafee.com/root/mfs/default.asp
http://commandondemand.com/eval/index.cfm
http://www.ravantivirus.com/scan/
http://www.bitdefender.com/scan/licence.php
http://www.drweb-online.com/en/online_check.asp
http://www.pcpitstop.com/antivirus/default.asp
http://scan.sygatetech.com/prestealthscan.html

===================================================
Anti-virus programs/software: (not in any type of order)
===================================================

PC Tools Anti-virus
http://www.pctools.com/free-antivirus/

KAV (Kaspersky)
http://www.kaspersky.com/

eZ Antivirus (Computer Associates)
http://www.my-etrust.com/products/Antivirus.cfm

Vet (Computer Associates)
http://www.vet.com.au/html/products/index.html

Sophos
http://www.sophos.com/products/software/antivirus/

nod32
http://www.nod32.com/

Norton
http://www.symantec.com/nav/
Last Updated on Tuesday, 25 August 2009 17:31
























