Botnets – What you need to know

Botnets are suddenly in the news for all the wrong reasons. What are botnets and why are they in the news?


In the last few weeks, many US- and South Korea-based websites were reported to be under attack by a botnet, causing the targeted domains to become very slow and unresponsive and even taking many offline for periods of time. Among the domains were many government websites of the respective countries. It is unconfirmed where exactly the attack was launched from, but the incident included several government websites that came under attack from a botnet of some 60,000 computers running Microsoft Windows. The botnet's goal was a denial-of-service attack: the infected computers requested the targeted web page over and over, with the intention of blocking service to legitimate users.
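
The pattern described above, many sources hitting one page over and over, is visible on the victim's side in the web server access log. The following script is an added example (not code from the original article) that parses constructed Apache/nginx "common" format log lines, keeps a sliding window of timestamps per source address, and flags any address that exceeds a request threshold inside that window. The log format, the IP addresses, the timestamps and the thresholds are all assumptions chosen for illustration.

```python
"""Flag request floods in web server access logs (added example, constructed data).

Assumed log format: Apache/nginx "common" style, one request per line, in
chronological order. All IPs and timestamps below are constructed samples.
"""
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta, timezone

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Parse one access log line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), TS_FMT),
        "path": m.group("path"),
        "status": int(m.group("status")),
    }


def flood_sources(lines, window_seconds=10, threshold=20):
    """Return {ip: peak_requests} for sources that sent more than `threshold`
    requests inside any `window_seconds`-long sliding window.

    A per-IP deque holds the timestamps still inside the window; entries older
    than the window are dropped as each new request arrives (lines must be in
    time order, as access logs normally are)."""
    windows = defaultdict(deque)
    peaks = {}
    for rec in map(parse_line, lines):
        if rec is None:
            continue
        q = windows[rec["ip"]]
        q.append(rec["ts"])
        while (rec["ts"] - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) > threshold:
            peaks[rec["ip"]] = max(peaks.get(rec["ip"], 0), len(q))
    return peaks


def requests_per_path(lines):
    """Count requests per URL path: a flood usually hammers one page."""
    return Counter(rec["path"] for rec in map(parse_line, lines) if rec)


def build_sample_log():
    """Constructed sample: three flooding sources (30 hits each on /index.html
    within six seconds) plus two ordinary visitors."""
    base = datetime(2009, 7, 8, 14, 2, 0, tzinfo=timezone.utc)
    events = []  # (offset_seconds, ip, path)
    for i in range(30):
        for ip in ("203.0.113.7", "203.0.113.8", "198.51.100.21"):
            events.append((i // 5, ip, "/index.html"))
    events += [(1, "192.0.2.10", "/index.html"), (3, "192.0.2.11", "/index.html"),
               (40, "192.0.2.10", "/about.html")]
    events.sort()
    return [
        f'{ip} - - [{(base + timedelta(seconds=off)).strftime(TS_FMT)}] '
        f'"GET {path} HTTP/1.1" 200 512'
        for off, ip, path in events
    ]


if __name__ == "__main__":
    log = build_sample_log()
    for ip, peak in flood_sources(log).items():
        print(f"flood suspect {ip}: {peak} requests in a 10 s window")
    print("busiest paths:", requests_per_path(log).most_common(2))
```

On real logs the threshold has to be tuned per site, and a botnet of tens of thousands of hosts may keep each source below any per-IP threshold; in that case the per-path counter, which shows one page receiving far more traffic than usual, is the more useful signal, and mitigation moves upstream to the network edge or a scrubbing provider.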

What are Botnets?

Botnets are networks of software robots that run automatically. While there are both legitimate and malicious botnets, of late botnets are in the news for all the wrong reasons. In fact, the concept of an internet-based supercomputer uses botnet technology. A botnet is like a shared resource, and at times many malicious users use the backbone of a botnet to launch different internet attacks.

This is made possible because botnets use a collection of compromised computers (called zombie computers) running software, usually installed by exploiting web browser vulnerabilities, worms, Trojan horses, or backdoors, under a common command-and-control infrastructure. First a zombie computer is created and then linked into a network, which is then rented out for carrying out attacks.

A botnet can be conceptually equated with a client-server environment, except that when used maliciously, the clients do not know they are part of a network. Typically the botnet originator (the master, or server) creates a set of programs that infiltrate client machines and turn them into zombies. Many zombies together form a large network. In the case of malicious intent, these zombies are then controlled remotely by the master for purposes such as DoS attacks, traffic flooding and so on. To protect the botnet and also conceal the operator's identity, the botnet originator uses an encryption scheme for stealth and for protection against detection or intrusion into the botnet.

Botnet creators link with each other to create more powerful botnet networks. Typically the life cycle of a botnet is as follows:

  1. A botnet operator sends out viruses or worms, infecting ordinary users' computers; the payload is a malicious application, the bot.
  2. The bot on the infected PC logs in to a particular server (a web server), turning the PC into a zombie.
  3. Many zombies are linked together, forming a botnet.
  4. A spammer purchases access to the botnet from the operator.
  5. The spammer sends instructions to the infected PCs, causing them to send spam messages to mail servers, carry out DoS attacks, and so on.
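
Step 2 of the life cycle, the bot logging in to its server, is also the step that gives a defender something to look for: a timer-driven check-in produces outbound connections at near-constant intervals, which human browsing does not. The script below is an added example (not code from the original article) that groups constructed outbound connection records by source and destination, computes the gaps between successive connections, and reports pairs whose gaps are almost constant. The record format, every address and port, and the thresholds are assumptions chosen for illustration.

```python
"""Spot periodic check-ins ("beaconing") in outbound connection logs (added
example, constructed data).

Assumed record format, one per line: "<unix_time> <src_ip> <dst_ip>:<dst_port>".
Every address, port and timestamp below is a constructed sample, not real data.
"""
from collections import defaultdict
from statistics import mean, pstdev


def parse_conn(line):
    """Parse one constructed connection record into (timestamp, src, dst)."""
    ts, src, dst = line.split()
    return float(ts), src, dst


def beacon_candidates(lines, min_connections=8, max_cv=0.15):
    """Group connections by (src, dst), compute the gaps between successive
    connections, and report pairs whose gaps are almost constant.

    Human browsing produces irregular gaps; a bot checking in on a timer does
    not, so a low coefficient of variation (stddev / mean) is the signal."""
    by_pair = defaultdict(list)
    for ts, src, dst in map(parse_conn, lines):
        by_pair[(src, dst)].append(ts)
    findings = {}
    for pair, stamps in by_pair.items():
        if len(stamps) < min_connections:
            continue  # too few samples to judge regularity
        stamps.sort()
        gaps = [later - earlier for earlier, later in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            findings[pair] = {"count": len(stamps),
                              "period_s": round(avg, 1), "cv": round(cv, 3)}
    return findings


def build_sample_log():
    """Constructed sample: one host checking in every ~300 s with small jitter,
    one host with ordinary irregular traffic, one host with too few records."""
    jitter = [0, 2, -1, 3, 0, -2, 1, 2, -1, 0, 1, -3]
    bot = [f"{1000 + 300 * i + j} 10.0.0.5 198.51.100.99:443"
           for i, j in enumerate(jitter)]
    human = [f"{1000 + t} 10.0.0.6 203.0.113.50:443"
             for t in (0, 37, 52, 300, 310, 900, 1500, 1504, 2300, 2400)]
    sparse = [f"{1000 + t} 10.0.0.7 198.51.100.99:443" for t in (0, 600, 1200)]
    return bot + human + sparse


if __name__ == "__main__":
    for (src, dst), info in beacon_candidates(build_sample_log()).items():
        print(f"{src} -> {dst}: {info['count']} connections, "
              f"period {info['period_s']} s, cv {info['cv']}")
```

Regular intervals alone are not proof: software updaters, mail clients and monitoring agents also poll on timers, so the output is a list of pairs to review against known-good destinations, not an alert on its own. The same calculation works on proxy, firewall or DNS query logs once the records are reduced to a timestamp and a source/destination pair.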

Organizations that have good perimeter-level security are generally protected from their client computers becoming part of botnets. The risk is faced by home users and organizations that do not have a structured perimeter security mechanism in place. Key steps that should be taken to protect against botnets are:

  1. Never browse online with an administrator account (we never get tired of saying this, do we?).
  2. Use the latest updated antivirus software and run scans regularly.
  3. Never allow scripts from the internet to run without permission.
  4. Always be on the lookout for your internet connection or computer performance suddenly turning slow.