Botnet, be aware of it


Sangam Kumar Chaturvedi

Nov 5, 2012, 5:59:02 AM
to ssncs...@googlegroups.com, ssn...@googlegroups.com, Kanmani Sivagar, nivethaashree babu, meenadevi balasubramanian, cser...@googlegroups.com, Arun Fera, Shanta Garnaik

Botnet



http://en.wikipedia.org/wiki/Botnet


Organization

While botnets are often named after the malware that created them, multiple botnets typically use the same malware, but are operated by different criminal entities.[3]

The term "botnet" can be used to refer to any group of computers, such as IRC bots, but the term is generally used to refer to a collection of computers (called zombie computers) that have been recruited by running malicious software.[citation needed]

A botnet's originator (known as a "bot herder" or "bot master") can control the group remotely, usually through IRC, and often for criminal purposes. This server is known as the command-and-control (C&C) server. Though rare, more experienced botnet operators program command protocols from scratch. These protocols include a server program, a client program for operation, and the program that embeds the client on the victim's machine. These communicate over a network, using a unique encryption scheme for stealth and protection against detection or intrusion into the botnet.[citation needed]

A bot typically runs hidden and uses a covert channel (e.g. the RFC 1459 (IRC) standard, Twitter, or IM) to communicate with its C&C server. Generally, the perpetrator has compromised multiple systems using various tools (exploits, buffer overflows, as well as others; see also RPC). Newer bots can automatically scan their environment and propagate themselves using vulnerabilities and weak passwords. Generally, the more vulnerabilities a bot can scan and propagate through, the more valuable it becomes to a botnet controller community. The process of stealing computing resources as a result of a system being joined to a "botnet" is sometimes referred to as "scrumping."

Botnet servers typically liaise with other botnet servers, such that a group may contain 20 or more individual cracked high-speed connected machines as servers, linked for greater redundancy. Actual botnet communities usually consist of one or several controllers that rarely have highly developed command hierarchies; they rely on individual peer-to-peer relationships.[4]

Botnet architecture evolved over time, and not all botnets exhibit the same topology for command and control. Advanced topology is more resilient to shutdown, enumeration or discovery. However, some topologies limit the marketability of the botnet to third-parties.[5] Typical botnet topologies are Star, Multi-server, Hierarchical and Random.

To thwart detection, some botnets are scaling back in size. As of 2006, the average size of a network was estimated at 20,000 computers, although larger networks continued to operate.[6]

Formation and exploitation

This example illustrates how a botnet is created and used to send email spam.

How a botnet works
  1. A botnet operator sends out viruses or worms, infecting ordinary users' computers, whose payload is a malicious application—the bot.
  2. The bot on the infected PC logs into a particular C&C server.
  3. A spammer purchases the services of the botnet from the operator.
  4. The spammer provides the spam messages to the operator, who instructs the compromised machines via the control panel on the web server, causing them to send out spam messages.

Botnets are exploited for various purposes, including denial-of-service attacks, creation or misuse of SMTP mail relays for spam (see Spambot), click fraud, spamdexing and the theft of application serial numbers, login IDs, and financial information such as credit card numbers.

The botnet controller community features a constant and continuous struggle over who has the most bots, the highest overall bandwidth, and the most "high-quality" infected machines, like university, corporate, and even government machines.[7]


--
SANGAM KUMAR CHATURVEDI
M.E CSE
2009-2011 BATCH
SSNCE
KALAVAKKAM
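
Added example, not part of the original post: a defender-side check for the pattern described above, where many infected machines log into the same IRC (RFC 1459) C&C server. It parses client lines from constructed sensor records and reports channels on external servers joined by several distinct internal hosts. The record layout, the 10.0.0.0/8 internal range, the threshold of 3 hosts and all function names are assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumption: the monitored internal address space (adjust to your own network).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed sensor records: (src IP, dst IP, dst port, one client-to-server line).
SAMPLE_RECORDS = [
    ("10.0.0.11", "203.0.113.7", 6667, "JOIN #x9k2 chankey"),
    ("10.0.0.12", "203.0.113.7", 6667, "JOIN #X9K2 chankey"),
    ("10.0.0.12", "203.0.113.7", 6667, "JOIN #x9k2 chankey"),   # rejoin, same host
    ("10.0.0.13", "203.0.113.7", 6667, ":n JOIN #x9k2,#other"),
    ("10.0.0.13", "203.0.113.7", 6667, "PRIVMSG #x9k2 :JOIN #decoy"),
    ("10.0.0.20", "198.51.100.5", 6697, "JOIN #helpdesk"),       # single user
    ("10.0.0.21", "10.0.0.5", 6667, "JOIN #ops"),                # internal server
]


def is_internal(ip):
    return any(ipaddress.ip_address(ip) in net for net in INTERNAL_NETS)


def parse_irc(line):
    """Split one RFC 1459 message into (COMMAND, params); the prefix is dropped."""
    line = line.rstrip("\r\n")
    if line.startswith(":"):                    # optional ":prefix " before the command
        line = line.partition(" ")[2]
    head, sep, trailing = line.partition(" :")  # trailing parameter may contain spaces
    parts = head.split()
    if not parts:
        return "", []
    return parts[0].upper(), parts[1:] + ([trailing] if sep else [])


def irc_fan_in(records, min_hosts=3):
    """Map (server, port, channel) -> internal hosts, for channels on external
    servers that at least min_hosts distinct internal hosts have joined."""
    joined = defaultdict(set)
    for src, dst, port, line in records:
        if not is_internal(src) or is_internal(dst):
            continue
        command, params = parse_irc(line)
        if command == "JOIN" and params:
            for channel in params[0].split(","):    # JOIN takes a comma-separated list
                joined[(dst, port, channel.lower())].add(src)
    return {k: sorted(v) for k, v in joined.items() if len(v) >= min_hosts}


if __name__ == "__main__":
    print(irc_fan_in(SAMPLE_RECORDS))
```

The check keys on parsed protocol content rather than on the destination port, and a hit is a lead for investigation, since a shared legitimate channel produces the same fan-in.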
