August 21, 2016
Understanding How Botnets Work
Introduction

Botnets are networks of bots: programs connected to the Internet that communicate with other, similar programs in order to perform certain tasks.

An Internet bot is an automated or semi-automatic software agent that interacts with computer servers. A bot connects to and interacts with a server much as a client program driven by a human would; hence the term "bot," a shortening (apheresis) of "robot".

Bots are mainly used to perform repetitive tasks that automation makes fast. They are also useful when rapid reaction is the main requirement (for example, game or auction bots), or to simulate human responses, as with IM bots.

Botnets can grow by infecting further machines and be used for malicious purposes such as sending spam, distributing computer viruses, launching distributed denial of service (DDoS) attacks, espionage, and remote control of computers.

A zombie machine is a computer or IP printer controlled by an attacker without the knowledge of its user. Such machines are most often used to attack other machines while concealing the attacker's true identity. A zombie is usually first infected by a worm or Trojan horse.

Any machine connected to the Internet is a potential zombie. Windows machines represent the majority of infected machines, but Linux and Apple machines, game consoles, routers and printers are also affected, to a lesser extent.

Primary Malicious Uses of Botnets

The main characteristic of a botnet is the pooling of many different machines, sometimes a very large number, which makes the desired activity more efficient (since the operator can draw on a lot of resources) and also harder to stop. One attacker can control hundreds of computers. Primarily, botnets are used for:
- Relaying spam for illegal trade or manipulation of information (e.g. stock market prices)
- Performing phishing operations
- Identifying and infecting other machines, spreading viruses and malware
- Participating in coordinated DDoS attacks
- Generating fraudulent clicks on advertising links on a web page (click fraud)
- Capturing information on compromised machines (theft and resale of information)
- Harnessing the computing power of the machines for computing operations, including distributed password cracking
- Conducting illegal trade operations by hosting access to unauthorized or counterfeit product sales sites via fast-flux techniques (single-flux, double-flux or RockPhish)
- Theft of bank card details and passwords
- Spam: sending more mail.
- DDoS: sending more traffic at a server until it stops working.
- Bruteforcing: finding a password quickly
- Infection of machines (viruses, worms, Trojans ...)
- Installing rootkits
- Changing the system (changing the network filtering rules, disabling security tools, etc.)
- Self-modification (changing its own signature to evade detection)
- Deleting other malware that could disrupt the botnet
- Exploiting faults in the host system, etc.
- To exploit vulnerabilities that it recognizes;
- To use known or previously installed backdoors;
- To make brute force attacks, etc.
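The pooling of machines described above is exactly what makes botnet brute forcing and DDoS hard to stop with per-source controls: each bot stays under any per-IP threshold, so the attack is only visible when failures are aggregated per target. The following detector is an added example written for this article, not code from the original post. It assumes a constructed, simplified login-log format of "<epoch seconds> <source IP> <username> <OK|FAIL>" and compares a per-IP count (which catches a single noisy source) with a per-account sliding-window count over distinct sources (which catches the distributed case).

```python
"""Detect distributed (botnet-style) brute force in authentication logs.

Added example; the log format below is constructed for illustration:
    "<epoch_seconds> <source_ip> <username> <OK|FAIL>"
"""
from collections import defaultdict


def _build_sample_log():
    """Constructed sample log: one loud single source, twelve quiet bots,
    and a little legitimate traffic."""
    lines = []
    # Single source hammering "root": 15 failures in 15 seconds.
    for i in range(15):
        lines.append(f"{2000 + i} 192.0.2.5 root FAIL")
    # Distributed: 12 bots, only 2 failures each, all against "admin",
    # spread over about two minutes so every bot looks harmless alone.
    for i in range(12):
        ip = f"10.0.0.{i + 1}"
        lines.append(f"{1000 + i * 10} {ip} admin FAIL")
        lines.append(f"{1005 + i * 10} {ip} admin FAIL")
    # Legitimate user who mistyped once.
    lines.append("1500 198.51.100.7 alice OK")
    lines.append("1501 198.51.100.7 alice FAIL")
    return lines


SAMPLE_LOG = _build_sample_log()


def parse_line(line):
    ts, ip, user, result = line.split()
    return int(ts), ip, user, result


def per_ip_failures(lines):
    """Classic per-source view: failures counted per IP address."""
    counts = defaultdict(int)
    for line in lines:
        _, ip, _, result = parse_line(line)
        if result == "FAIL":
            counts[ip] += 1
    return dict(counts)


def find_distributed_bruteforce(lines, window=300, min_sources=5, min_failures=10):
    """Per-target view: for each account, find the busiest `window`-second
    span of failed logins and flag it when those failures come from at
    least `min_sources` distinct IPs and number at least `min_failures`.

    Returns {username: {"sources": n_distinct_ips, "failures": n_failures}}.
    """
    failures = defaultdict(list)  # username -> [(ts, ip), ...]
    for line in lines:
        ts, ip, user, result = parse_line(line)
        if result == "FAIL":
            failures[user].append((ts, ip))

    flagged = {}
    for user, events in failures.items():
        events.sort()
        best = None
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans <= `window` seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            span = events[start:end + 1]
            sources = {ip for _, ip in span}
            if len(span) >= min_failures and len(sources) >= min_sources:
                if best is None or len(span) > best["failures"]:
                    best = {"sources": len(sources), "failures": len(span)}
        if best is not None:
            flagged[user] = best
    return flagged


if __name__ == "__main__":
    print("per-IP failures:", per_ip_failures(SAMPLE_LOG))
    print("distributed brute force:", find_distributed_bruteforce(SAMPLE_LOG))
```

On the sample data the per-IP count exposes 192.0.2.5 (15 failures) but shows every bot at only 2, while the per-account window flags "admin" with 24 failures from 12 sources. In practice both views are needed, and the per-target one is what a per-IP rate limit or fail2ban-style rule alone will not give you.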