The public first became aware of this kind of malicious program in 2000, when a teenager from Canada launched a series of denial-of-service attacks against very popular websites. The young man, whose nickname was Mafiaboy, attacked Yahoo, E*Trade, Dell, eBay and Amazon, among others, for several days, overloading the websites until their servers collapsed. Mafiaboy, whose real name is Michael Calce, did not use a botnet for his wrongdoing. After this incident, security experts warned that botnets (large networks of computers infected with a variety of malware) and DDoS attacks were a major threat to the stability and integrity of the Internet.
Botnet is the generic name for any group of PCs that are infected and controlled remotely by an attacker. Generally, a hacker or a group of them creates a botnet using malware that infects a large number of machines. The computers that belong to the botnet are called “bots” or “zombies”. There is no minimum number of computers needed to create a botnet: small botnets can include hundreds of infected PCs, while the largest ones use millions of computers. Some examples of recent botnets are Conficker, Zeus, Waledac, Mariposa and Kelihos. A botnet is often thought of as a single entity; however, the creators of this malware sell it to anyone who pays for it, so there are dozens of separate botnets using the same malware and operating at the same time.
HOW DOES IT INFECT A COMPUTER?
Hackers use two methods to infect computers and enlist them in a botnet: drive-by downloads and email attacks.
- In the first case, the process requires several steps. The attacker must find a web page with a vulnerability that can be exploited. The hacker then loads malicious code onto the page, and that code exploits a vulnerability in a web browser such as Google Chrome or Internet Explorer. The code redirects the user’s browser to another site controlled by the offender, where the bot code is downloaded and installed on the computer.
- In the second case, the process is simpler. The attacker sends a large amount of spam with a Word or PDF file containing malicious code attached, or with a link to the page that hosts the code. Once the code is on the computer, the computer becomes part of the botnet. The attacker can send it commands remotely, upload data to the PC or do whatever he wants with the machine.
The most common use of botnets is DDoS attacks. These attacks use the processing power and bandwidth of hundreds or thousands of computers to send large amounts of traffic to a specific web page and overload that site. There are different types of DDoS attacks, but the goal is always the same: to knock the website offline. Attackers first used this tactic to take down the pages of their rivals; they then began using it against portals such as Yahoo and MSN, online stores, banks and government websites. Groups like Anonymous and LulzSec used DDoS attacks against these types of organizations. Meanwhile, cybercriminals used this type of attack against bank pages to hide other, more important attacks on those banking entities.
Botnets are also used for other operations such as bulk spam or large-scale credit card fraud.
DEFENCE AGAINST A BOTNET
There are different forms of defense against DDoS attacks, but almost all of them operate at the server or ISP level. For users, defense against a botnet begins with keeping all the software on their computer up to date and avoiding suspicious links. Hackers take advantage of the naivety of users who open malicious files or click on links that hide malware. If we eliminate that part of the equation, it will be harder for cybercriminals to infect our computers and build a botnet.
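The server-level defenses mentioned above start with noticing the flood. The script below is an added example for this article, not code from the original page: it reads web-server access-log lines in Common Log Format and applies a sliding-window rate check in two ways, per source address and across all sources combined. The second check matters because a botnet's traffic is distributed: each zombie may send only a handful of requests, so a per-source threshold alone never fires. All IP addresses, timestamps and thresholds are constructed for illustration, and the code assumes log lines arrive in time order, as they do in a normal access log.

```python
"""Flag flood-like request patterns in web-server access logs.

Added example for this article (not from the original page). Thresholds,
addresses and log lines are constructed for illustration; lines are assumed
to be in chronological order.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Common Log Format: ip ident user [timestamp] "request" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (ip, unix_seconds) for a valid log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), TS_FMT).timestamp()
    return m.group("ip"), ts


def analyse(lines, window=10.0, per_ip_limit=20, global_limit=100):
    """Sliding-window rate check.

    flagged_ips:  sources that exceeded per_ip_limit requests within `window` seconds.
    global_flood: True if total requests from all sources exceeded global_limit
                  within `window` seconds, even if no single source was noisy.
    """
    per_ip = defaultdict(deque)   # ip -> timestamps inside the current window
    all_ts = deque()              # timestamps of every request inside the window
    flagged_ips = set()
    global_flood = False

    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue                      # skip malformed lines rather than crash
        ip, ts = parsed

        q = per_ip[ip]
        q.append(ts)
        while q and ts - q[0] > window:   # drop timestamps that fell out of the window
            q.popleft()
        if len(q) > per_ip_limit:
            flagged_ips.add(ip)

        all_ts.append(ts)
        while all_ts and ts - all_ts[0] > window:
            all_ts.popleft()
        if len(all_ts) > global_limit:
            global_flood = True

    return {"flagged_ips": sorted(flagged_ips), "global_flood": global_flood}


# --- constructed sample traffic (documentation-range addresses, not real hosts) ---

def make_line(ip, second, path="/"):
    """Build one constructed CLF line at 13:55:<second> on a fixed date."""
    return f'{ip} - - [10/Oct/2023:13:55:{second:02d} +0000] "GET {path} HTTP/1.1" 200 512'


def build_sample(events):
    """events: iterable of (second, ip); returns constructed log lines in time order."""
    return [make_line(ip, sec) for sec, ip in sorted(events, key=lambda e: e[0])]


# One noisy host: 30 requests in six seconds, plus two ordinary visitors.
SINGLE_SOURCE = build_sample(
    [(i // 5, "203.0.113.9") for i in range(30)] + [(3, "192.0.2.1"), (7, "192.0.2.2")]
)

# Distributed flood: 150 distinct hosts, one request each, within five seconds.
DISTRIBUTED = build_sample(
    [(i // 30, f"198.51.100.{i % 200 + 1}") for i in range(150)]
)


if __name__ == "__main__":
    print("single source:", analyse(SINGLE_SOURCE))
    print("distributed:  ", analyse(DISTRIBUTED))
```

In the first sample only the per-source rule fires; in the second, no host sends more than one request, yet the combined rate crosses the global threshold, which is the signature a server or ISP sees during a botnet-driven DDoS. In practice the global threshold would be set from a baseline of normal traffic rather than a fixed number.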