Botnets, Now What?

Just when I am accustomed to using spyware removal tools and running the occasional Pitstop virus scan, something new comes along.

Have you wondered why your machine seems like it’s operating in mud or is just ignoring you? Well that’s probably because it’s operating just fine for someone else. Yep, we’re talking Botnets. Botnets are using your CPU, draining your memory, just waiting to be told what to do by someone making money from your investment. You don’t mind do you? You’ll be able to get on that site just as soon as they’re done. Besides, you’ve always wanted to be part of a large organization.

A quick skim of “Botnets For Dummies” tells me that the problem is well beyond what I imagined. Godzilla-sized networks of unprotected computers are contributing to a billion-dollar industry run by organized crime rings around the world. Words like drone zombies, money mules, and botnet herders weigh on me with a nagging sense of doom. Now I realize how intricate and advanced the community is, and how overwhelming it has become to those trying to keep it in check.

“Botnet” is slang for a collection of software applications or bots that run autonomously and automatically. They run groups of “zombie” computers controlled remotely by hackers. They can run differing types of bots. They’re used for anything and everything illegal, including phishing, email scams, and even identity theft. It’s estimated that 80% of all spam comes from bot armies. Trojan and key logger software are the types usually used for botnets. The possible schemes are limited only by the imagination and skills of the botmaster.

Ever hear of denial-of-service attacks? I had, but never really understood what they were about. Basically, if a hacker has control of 100,000+ machines, they can control large amounts of bandwidth. They could contact a web-based company and threaten to shut down the site using their zombie computers. “Send us $50,000 today and we won’t shut you down tomorrow.” It’s extortion in its most basic form. Instead of storefronts and head bashers, today we have websites and botnets.

Take a look at this quote from a 2006 interview by CNN’s Daniel Sieberg with Merrick Furst, associate dean and professor of computing at Georgia Tech’s College of Computing:

“So let me tell you how a botmaster makes money with click fraud. … They’ll build a Web site that looks like a normal Web site. They’ll put up banner ads, or other types of ads on their Web site, and these are ads served up by Google. Google contracts an advertiser to put up ads on sites — [unwittingly] contracts the botmaster online to put up ads on that botmaster’s site. … So [the botmaster] commands the machines in his bot army to click on the ads on this site. Every time one of his machines click, the message goes back to Google, Google charges the advertiser, the advertiser pays Google, Google keeps 20 percent and [unwittingly] gives 80 percent to the botmaster. … Let’s say even if [the botmaster] controls a small army of 5,000 machines, which is very small in this game — he can make $15,000 a month in click fraud.”

The figures I’m seeing on the spread of this problem are just staggering. Figures that range from 10% of all PCs connected to the Internet, to as high as 150 million machines, bring this problem into perspective. These aren’t just alarmist figures. These estimates are from some of the world’s most savvy computer and Internet gurus, names like Michael Dell, Merrick Furst, Vint Cerf (Father of the Internet) and Jonathan Zittrain (Oxford). I’m seeing reports of a single botnet that controlled 1.5 million machines. From less than 10 million in 2005, 75 million in 2006, and now over 150 million for 2007, I can only cringe at what the 2008 figures will be. This is the biggest problem the Internet has faced to date.

Why so successful?

Like any industry, botnet success depends on intelligence and technology. But since this industry thrives on predatory practices, there is another factor that comes into play. Usually bots infect single-user PCs, but small businesses and universities are prime targets. Believe it or not, many of these machines are left totally unprotected. If your antivirus isn’t updated at least weekly, you are not protected. Your firewall must be updated, active and on. Many moderate to small networks may lack a clear protection policy. Combining excellent cable connections with uninformed users makes for the rocketing success of the botmaster and his hive of zombie drones.

Is The Battle Lost?

Have you seen the joke about coming to the end of the Internet? Well, it may not be a joke. The Internet is running out of addresses. The current limit is set at 4 billion. Countries that use languages and characters that are not Latin-based are coming into play. Everything in this world changes, and computing as we know it today is certainly no different. Today’s Internet is likely to last less time than the old wired phones of my parents’ day.

Currently the Internet operates relatively unrestricted and unpoliced. It currently fosters anonymity but unless we come up with a way of keeping the bad guys in check it will soon be as desolate as DeadMans Gulch. Since no one’s invited me to the next “Technology in Industry Summit” and my neighbor is a retired middle school principal instead of Michael Dell, I think I’ll just update my antivirus and configure my firewall. If you find something better to do, let me know.
