Sunday, May 18, 2008

Botnets a Robot Network

The term Botnet is derived from two words: Robot and Network. A robot program is one that runs by itself and can respond to commands. It can be referred to as a “bot”. Thus a Botnet is a network of bots that communicate with a controller. Botnets are different than other malicious programs that can infect your computers because of they can be controlled by an external host.

Botnets are typically controlled using Internet Relay Chat or IRC. IRC is easy and flexible to use and can hide the identity of the attacker. The attacker sets up an IRC channel to issue commands to the bots in his network. Once the bots are installed in a computer, they constantly listen for commands on their assigned IRC channel. The bots also use authentication and authorization so that only their owner can control them.

How are Botnets Used? : Botnets can be used for the below malicious tasks:

  • Committing Click Fraud by clicking on links to ads to generate income.
  • Sending Spam from multiple zombie computers.
  • Identity theft by stealing login ids, passwords, credit card numbers.
  • Distributed Denial of Service (DDoS) attacks against a specific host are used to shut down the host by overloading it with traffic.
How to protect your computer from Botnets? : Botnets are typically spread by worms that look for vulnerable computers. You should keep your system updated with the latest security patches, avoid suspicious mail attachments and be protected by a firewall.

Affected systems typically experience both system and communications slowdowns. You can detect if you are infected by a botnet by viewing logs or by using the Netstat command to check for suspicious connections.


Blog Widget by LinkWithin

Label Cloud