What Are Botnets?
Botnet is a slang designation for a group of computers (software robots, or bots), all connected to the Internet, which run automatically and interact to accomplish a distributed task, usually illegal or nefarious in nature. You should know about botnets because they operate without the computer owner's awareness. You should protect your computer from becoming part of a botnet.
A botnet herder (owner) typically compromises, infects, and subsequently assimilates these computers into the botnet from a remote location without the owner's knowledge. The computers themselves are known as drones. The more drones contained within the botnet, the more damage the botnet can wreak on the Internet as a whole. The malicious software running on the drones is a "bot".
The difference between a botnet and a conventional worm is the presence of a unifying control system.
How Do Botnets Work?
The primary goal for a botnet herder is to gather as many drones as possible into the botnet. The bot software usually includes functionality that automates scanning a computer's IP address for vulnerable software. The bot then propagates itself using these vulnerabilities and weak passwords.
Bots become more valuable if they are able to scan and propagate through a greater number of vulnerabilities. This allows them to recruit more bots into the botnet and make the collective more powerful through the greater number of drones.
The collective nature of botnets provides criminals with power over those who use the Internet. Herders with control over a large number of systems can engage in more damaging activities and wreak substantial havoc on the Internet.
The following types of attacks are carried out by botnets:
- Keylogging (for additional information, see the Keylogging course within this Training, Education, and Awareness Module)
  - Bots listen for keyboard activity and report the keystrokes to the herder
  - Some bots have triggers to look for visits to websites where passwords or bank account information is entered
  - Keylogging bots are most threatening to an individual's privacy
  - Many bots also grant the herder access to the drone's file system, so the criminal can read anything stored on the computer
- Click Fraud
  - Bot software is used to visit web pages and automatically click on ad banners without the user's awareness
  - A bot with thousands of drones can bring large financial returns to the herder
  - The traffic to the advertiser looks legitimate because the clicks come from different machines from all over the world
- Denial of Service
  - Numerous machines access a single Internet system and saturate its bandwidth and other resources
  - The access appears to be legitimate, but the load causes the system to act slowly or in a non-responsive manner, and site access can be hampered
  - A business could lose money if customers cannot reach them
- Compromised drones can forward spam or phishing scams to users throughout the Internet
- Instant messaging accounts can be used to forward malicious ads or links to all contacts in a victim's address book
- A herder can minimize the threat of getting caught, as thousands of drones are doing the dirty work
- Illegally obtained or pirated software
  - Botnets can steal, store, or propagate warez by searching hard drives for software licenses installed on a victim's machine
  - The collective botnet has a very large amount of storage capacity
How Do I Protect Myself?
Prudent security practices and user awareness are key in avoiding infection and exploitation by botnets. We can all mitigate botnets by preventing their formation in the first place.
- Each individual computer owner or user must ensure their system is protected and patched, and their software is upgraded (see the course on Home Computer Tips within this Training, Education, and Awareness Module for more information on how to do this)
- Set your operating system to automatically download and install security patches
- Investigate email scanners, firewalls, and spam blockers
- Never click on web sites you do not trust
- Use anti-virus and anti-spyware software and keep them updated
- Be cautious about opening email attachments
- Monitor your "Sent Items" and your "Outgoing" mailboxes for messages you did not send
- Disconnect from the Internet when you are not actively using your computer
What to Do If You Are a Victim of a Botnet
- If your computer starts operating slowly or abnormally, you should be suspicious
- If you have reason to believe you have been hacked or infected, disconnect from the Internet immediately
- Perform a full scan of your computer with your updated anti-virus and anti-spyware applications
- Report all unauthorized access to your Internet Service Provider (ISP) and the FBI at http://www.ic3.gov/complaint/default.aspx
- If you suspect any of your passwords have been compromised, call the applicable companies immediately to change the passwords, freeze the accounts or change the account numbers
- File a complaint with the Internet Crime Complaint Center (IC3) at http://www.ic3.gov/complaint/default.aspx. The IC3 serves as a vehicle to receive, develop, and refer criminal complaints regarding the rapidly expanding arena of cyber crime.
These helpful tips are provided by Digital Defense, Inc., a computer security company working with your bank as a responsible member of the community to help ensure the privacy and security of our nation's financial information.