Botnets explained

Ask people what annoys them most on the internet and it is safe to assume that most will name spam. The main driver for spam is money: people are either paid to run spam campaigns or, in some cases, an unscrupulous party uses spam as a form of free marketing.

In the past spammers relied on badly configured email servers to send their spam. Nowadays open relays (mail servers that accept and forward mail from any source to any destination) are very rare, so spammers rely on botnets to deliver their emails, among other things.

Strictly speaking, the botnet is the network of infected machines; the malware running on each of them is the bot. Once it infects a victim, the bot contacts a centralised command-and-control (C2) system and waits for commands to execute. In many cases the infected machines are then instructed to send spam campaigns whenever the attackers need them to.

When a particular botnet gains notoriety and grows large enough, a company such as Microsoft might take legal action to shut down its command-and-control infrastructure. Even then the botnet endures: the machines remain infected, and if its owners restore that infrastructure the whole botnet becomes fully operational once again.

How does a botnet spread?

Botnets spread like any other malware: the bot can be delivered as the payload of a virus or Trojan, or the victim can be socially engineered into running it from an email attachment or a malicious website.

Protecting against a botnet is the same as protecting against other malware. Keep your Windows installation up to date, and ensure you have an antivirus solution that is fully up to date and ideally scans not only the files on your hard drive but also incoming email and files accessed through the web.

Additional protection comes from a solution that can detect, and advise against or block, user access to disreputable web sites known to distribute malware.

Why are botnets dangerous?

Botnets are insidious: once infected, your computer becomes part of a whole network of other infected computers waiting for instructions from the malicious person controlling the botnet. Bots are hard to detect because they lie dormant until triggered.
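Even a dormant bot leaves a trace if it polls its command server for instructions: the infected machine opens connections to the same destination at near-constant intervals, around the clock, regardless of what the user is doing. The following script is an added example, not code from the original article or from GFI; it assumes the bot polls rather than being pushed commands, assumes a hypothetical firewall log format of `<ISO timestamp> <src_ip> -> <dst_host>:<port>`, and runs over constructed sample lines. It groups connections by (source, destination) and flags pairs whose inter-connection intervals have a low coefficient of variation, which is the fingerprint of a fixed beacon timer.

```python
"""Beacon detection over constructed firewall log lines (added example).

A bot that periodically checks in with its command server produces a
sequence of connections to one destination whose gaps are nearly equal.
Legitimate user traffic to a site is bursty and irregular.  We measure the
regularity of the gaps per (src, dst) pair with the coefficient of
variation (standard deviation / mean) and flag the pairs that look timed.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log; the format is an assumption for this example.
# update.example.net is polled every ~300 s (the simulated bot); the other
# destinations are irregular, user-driven traffic.
SAMPLE_LOG = """\
2024-03-01T09:00:00 10.0.0.5 -> update.example.net:443
2024-03-01T09:00:11 10.0.0.5 -> www.example.com:443
2024-03-01T09:05:00 10.0.0.5 -> update.example.net:443
2024-03-01T09:07:43 10.0.0.5 -> mail.example.com:993
2024-03-01T09:10:01 10.0.0.5 -> update.example.net:443
2024-03-01T09:15:00 10.0.0.5 -> update.example.net:443
2024-03-01T09:19:30 10.0.0.5 -> www.example.com:443
2024-03-01T09:20:00 10.0.0.5 -> update.example.net:443
2024-03-01T09:25:01 10.0.0.5 -> update.example.net:443
2024-03-01T09:30:00 10.0.0.5 -> update.example.net:443
2024-03-01T09:31:12 10.0.0.5 -> www.example.com:443
2024-03-01T09:44:05 10.0.0.5 -> www.example.com:443
2024-03-01T09:52:48 10.0.0.5 -> www.example.com:443
"""


def parse_log(text):
    """Parse log lines into (timestamp, src_ip, dst_host) tuples.

    Malformed lines are skipped rather than raising, because a detector
    that dies on one odd line is a detector the attacker can switch off.
    """
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[2] != "->":
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        dst_host = parts[3].rsplit(":", 1)[0]  # drop the port
        events.append((ts, parts[1], dst_host))
    return events


def interval_stats(events):
    """Return {(src, dst): (connection_count, mean_gap_s, cv)}.

    Pairs with fewer than two connections have no gaps and are omitted.
    """
    by_pair = defaultdict(list)
    for ts, src, dst in events:
        by_pair[(src, dst)].append(ts)

    stats = {}
    for pair, times in by_pair.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if not gaps:
            continue
        avg = mean(gaps)
        # Guard against several connections in the same second (mean 0).
        cv = pstdev(gaps) / avg if avg > 0 else 0.0
        stats[pair] = (len(times), avg, cv)
    return stats


def find_beacons(events, min_connections=5, max_cv=0.1):
    """Flag (src, dst) pairs that connect regularly enough to look timed.

    min_connections keeps one-off coincidences out; max_cv is the allowed
    spread of the gaps relative to their mean (0.1 = roughly 10% jitter).
    """
    return sorted(
        pair
        for pair, (count, _avg, cv) in interval_stats(events).items()
        if count >= min_connections and cv <= max_cv
    )


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    for pair, (count, avg, cv) in sorted(interval_stats(evts).items()):
        print(f"{pair[0]} -> {pair[1]}: n={count} mean_gap={avg:.0f}s cv={cv:.3f}")
    print("beacon candidates:", find_beacons(evts))
```

On the sample data only `update.example.net` is flagged (seven connections, a mean gap of about 300 seconds, coefficient of variation well under 0.01), while `www.example.com` has five connections but a coefficient of variation near 0.3 and is ignored. Real bots often add random jitter to the check-in interval precisely to defeat this kind of test, so in practice you would raise `max_cv`, look at a longer window, and combine the score with other signals such as connections that continue while the user is away.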

Botnets can be used in various ways, each of which opens your business up to an attacker. They can be rented out to other malicious parties who need a large number of computers to run spam campaigns or launch denial-of-service attacks.

They can be used by the attacker to spy on victims, stealing their credentials or even hijacking their banking transactions and stealing money while the victims are using their online banking system. The botnet owner can also potentially use the botnet to steal confidential documents and source code.

Botnets can be quite a headache: they use your computer's resources to send spam, spy on their victims or launch denial-of-service attacks against unsuspecting third parties.

These activities can end up costing the business time and money (in consumed resources and stolen money or intellectual property), and may land you in legal trouble if the receiving end of an attack decides to take legal action against its apparent attacker without realising that the attacker is in fact a victim like them.

It is well worth the time and effort to secure your environment as much as possible and avoid these potential pains.


Emmanuel Carabott CISSP heads security research at GFI Software. He has over 12 years' experience in the security field and is a regular contributor to several websites and blogs.