BOTNET – An Introduction

Hi all,

“Terrorists may be able to do more with a keyboard than with a bomb.
We understand the power of the bomb and the bullets but now we also
have to understand 'cyber-terrorism'.”

According to the Symantec Internet Security Threat Report for 2010, more than 1 million bots were observed during 2010. Symantec also observed an underground-economy advertisement in 2010 offering 10,000 bots for $15, and prices for each “stolen” credit card number ranged from $0.07 to $100.

This shows how botnets have become a vehicle for today’s cyber-terrorism and cyber-crime. This post gives a basic idea of what a botnet is and how it operates.

  • Bot – a ‘bot’ is a type of malware that gives an attacker complete control over the infected computer.
  • Bot master / herder – the person who controls the bots and coordinates their activity by issuing commands.
  • Botnet – a network of infected systems (i.e. bots) under the control of a bot master.

Computers that are infected with a ‘bot’ are generally referred to as zombies.

The above figure shows the life of a bot in 3 phases,

  • Startup – the bot starts automatically, without any user action.
  • Preparation – the bot establishes a command-and-control (C&C) channel to its bot master.
  • Attack – sooner or later the bot performs local or remote malicious actions on the bot master’s command.

A host is usually infected by a virus or worm sent out by the bot master; the infected host then automatically downloads the bot binary from a server controlled by the bot master and installs it. Whenever the zombie machine is up and connected to the Internet, it logs into the C&C channel and waits for the bot master’s commands. The bot master logs into the same C&C channel and issues the commands the bots are to perform. Note that the connection is always made outbound by the bot, which is why the C&C server never has to reach the zombies itself.

For example, a spam run can be launched as below,

  1. The bot master sends a command to the C&C server.
  2. The C&C server relays the command to every bot logged into it; together these bots form the botnet.
  3. A customer, here a spammer, pays the bot master for access to the botnet.
  4. The spammer’s instructions are pushed to the group of bots to carry out a malicious task such as sending spam.
  5. The bots then send the spam to other hosts.
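To make the three phases and the spam scenario above concrete, here is a small in-memory model written for this post (it is an added example, not code from the original post or from any real botnet). The class names, the `"herder"` / `"zombie-N"` identifiers, the $15 price and the rule that a bot only obeys commands from its own bot master are assumptions for illustration; nothing here touches the network or any real host.

```python
# Added example: in-memory model of the bot lifecycle (startup, preparation,
# attack) and the five-step spam scenario. All names and the "obey only the
# bot master" rule are assumptions; no network I/O, no real malware.
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class CommandChannel:
    """Stands in for the C&C server. Bots join it; the bot master posts to it."""
    members: dict = field(default_factory=dict)   # bot_id -> Bot
    history: list = field(default_factory=list)   # every command ever posted

    def join(self, bot):
        # The bot connects in (outbound); the server never has to reach out
        # to a zombie, which is what makes the channel work through NAT.
        self.members[bot.bot_id] = bot

    def post(self, sender, command, args):
        self.history.append((sender, command, args))
        # Fan-out: every bot logged into the channel sees the same command.
        return {bid: bot.handle(sender, command, args) for bid, bot in self.members.items()}


@dataclass
class Bot:
    bot_id: str
    master_id: str                                # assumed: the only sender obeyed
    channel: Optional[CommandChannel] = None
    sent_mail: list = field(default_factory=list)  # (bot, recipient, subject)

    def startup(self, channel):
        """Phase 1 (startup) and 2 (preparation): run without user action,
        then log into the C&C channel and idle until a command arrives."""
        self.channel = channel
        channel.join(self)
        return "idle"

    def handle(self, sender, command, args):
        """Phase 3 (attack): act only on commands from the bot master."""
        if sender != self.master_id:
            return "ignored"
        if command == "ping":
            return "pong"
        if command == "spam":
            for target in args["targets"]:
                self.sent_mail.append((self.bot_id, target, args["subject"]))
            return f"sent {len(args['targets'])}"
        return "unknown"


@dataclass
class BotMaster:
    master_id: str
    ledger: list = field(default_factory=list)    # (customer, purpose, price)

    def rent_out(self, customer, purpose, price):
        # The spammer pays the bot master; the master keeps control of the C&C.
        self.ledger.append((customer, purpose, price))

    def issue(self, channel, command, args):
        return channel.post(self.master_id, command, args)


def build_botnet(n_bots, master):
    """Infect n hosts: each zombie starts up and logs into the shared channel."""
    channel = CommandChannel()
    bots = [Bot(bot_id=f"zombie-{i}", master_id=master.master_id) for i in range(n_bots)]
    for bot in bots:
        bot.startup(channel)
    return channel, bots


def run_spam_campaign(n_bots, targets):
    """The five-step scenario: spammer pays the master, master posts the
    command to the C&C, the C&C fans it out, every bot sends the spam."""
    master = BotMaster(master_id="herder")
    channel, bots = build_botnet(n_bots, master)
    master.rent_out(customer="spammer", purpose="spam run", price=15)   # constructed figure
    replies = master.issue(channel, "spam", {"targets": list(targets), "subject": "cheap pills"})
    mail = [m for bot in bots for m in bot.sent_mail]
    return replies, mail


def stranger_command(n_bots):
    """Anyone who is not the bot master gets no obedience from the bots."""
    master = BotMaster(master_id="herder")
    channel, _ = build_botnet(n_bots, master)
    return channel.post("stranger", "spam", {"targets": ["x"], "subject": "y"})


if __name__ == "__main__":
    replies, mail = run_spam_campaign(3, ["alice@example.org", "bob@example.org"])
    print(replies)
    print(len(mail), "messages sent by", len({m[0] for m in mail}), "bots")
    print(stranger_command(2))
```

The point to take from the model is the fan-out: one command posted to the channel becomes one action on every zombie, so the cost to the bot master of a 10,000-bot spam run is a single message, while the traffic lands on the victims from 10,000 different source addresses.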

Hope this post was helpful 🙂
