Bots & Botnets

From Computing and Software Wiki

(Difference between revisions)
Jump to: navigation, search
Line 4: Line 4:
*Bot
*Bot
*Herder
*Herder
-
 
+
*Zombie
*Scrumping
*Scrumping
Line 21: Line 21:
*Phishing  
*Phishing  
===DDoS===
===DDoS===
-
A  
+
A Distributed denial of Service attack. The bots flood a web server with ICMP requests causing the server to crash. This can be used as a method of extortion from various websites. The herder demonstrates the power of his botnet by taking down the website, then he/she contacts the site in question and extorts them for money.
===Spamming===
===Spamming===
 +
A Herder can sell his botnet as a service to a spammer. This is beneficial to the spammer as he can have anonymous distribution of his messages.
===Phishing===
===Phishing===
-
 
+
Works the same way as the spamming method.
== Life Cycle ==  
== Life Cycle ==  
*Intial setup of configuration settings of the bot
*Intial setup of configuration settings of the bot

Revision as of 02:26, 14 April 2008

A Botnet is a collection of infected computers that can be used to attack organizations and distribute illegal information due to the sheer number of computers that is contained within them. Botnets are hard to prevent as the computers usually bear no resemblance in their locations in the physical world.

Contents

Definitions

  • Bot
  • Herder
  • Zombie
  • Scrumping

Bot

A Bot is short for robot. In the context of this wikipedia page a bot is a malicious program that installs itself unbeknowenst to the owner of the pc, sets up an IRC or HTTP server and is ready to perform illegal activities.

Herder

A person who controls all the bots in the botnet.

Zombie

An infected computer.

Scrumping

A bot stealing CPU cycles from the host computer.

Attacks

  • DDoS
  • Spamming
  • Phishing

DDoS

A Distributed denial of Service attack. The bots flood a web server with ICMP requests causing the server to crash. This can be used as a method of extortion from various websites. The herder demonstrates the power of his botnet by taking down the website, then he/she contacts the site in question and extorts them for money.

Spamming

A Herder can sell his botnet as a service to a spammer. This is beneficial to the spammer as he can have anonymous distribution of his messages.

Phishing

Works the same way as the spamming method.

Life Cycle

  • Intial setup of configuration settings of the bot
  • Register a Dynamic DNS
  • Infect a PC with a bot
    • Bot propagates according to the configuration settings
    • Scans for vunerabilities
    • Idle
    • Performs actions as recieved by other bots above it in the chain of command
    • Bot dies:
      • Bot may be taken over by another botnet
      • The bot's owner's pc realizes the pc is a zombie, kills the bot.
      • The chain of command may be compromised above the level.

Bot Management

They commonly have hidden removal commands, to completely clean the host computer. On the larger IRC networks such as EFnet channel activity is logged in order to learn the commands, and then automated systems are setup to prevent the owner of the botnet from accessing them and at the same time perform the removal command when a bot comes online to it's control channel.

How to Fight Botnets

Norton Anti-Bot

References

"Botnet"

See Also

"Alternative Technologies for Ethernet"

External Links

http://www.symantec.com/norton/products/overview.jsp?pcid=is&pvid=nab1

Personal tools