Botnets and bots: what they are and how they work
Definition and function of a botnet
The term botnet refers to a group of internet-connected devices infected by a particular kind of malware, which turns them into bots (or zombies). The malware runs silently, without the device owners realising, and allows cybercriminals not only to break into and take control of the devices but also to enrol them in a powerful infrastructure used to commit cybercrime.
Computers (PCs or laptops), tablets, smartphones and even routers and smart appliances can be recruited into a botnet, and some botnets are used for the sole purpose of spreading their malware further and growing the network. In other scenarios botnets are used to carry out DDoS (Distributed Denial of Service) attacks: the bots bombard the target's servers with useless requests, overloading them and rendering them unusable for their owners and legitimate users.
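The flood described above leaves a characteristic trace in the target's access logs: many client addresses, each making far more requests than a person would, all hitting the same resource. The following Python script is an added example (it is not part of the original article) that parses web-server log lines in the common Apache/nginx combined format, flags any client that exceeds a request-rate threshold inside a sliding window, and then reports the paths hit by several flagged clients at once, which is what separates a distributed attack from a single misbehaving scraper. The log lines, addresses and thresholds are constructed for the demonstration.

```python
"""Flag an HTTP flood in web-server access logs.

Added example, not part of the original article.  The sample log lines,
addresses and thresholds below are constructed for the demonstration; the
per-IP limit and window would be tuned to a real site's normal traffic.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Apache/nginx "combined" format:
# ip - - [time] "METHOD path HTTP/x" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def detect_flood(lines, window=timedelta(seconds=10), per_ip_limit=20, min_sources=3):
    """Return (flagged_ips, targeted_paths).

    flagged_ips: clients that made more than per_ip_limit requests inside any
    span of length `window` (sliding window over their sorted timestamps).
    targeted_paths: paths hit by at least min_sources flagged clients.  One
    noisy client is a scraper or a misconfigured tool; many clients exceeding
    the limit against the same path is the distributed signature of a botnet.
    """
    by_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            by_ip[rec["ip"]].append(rec)

    flagged = {}
    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r["time"])
        start = 0
        for end in range(len(recs)):
            while recs[end]["time"] - recs[start]["time"] > window:
                start += 1
            if end - start + 1 > per_ip_limit:
                flagged[ip] = recs
                break

    path_sources = defaultdict(set)
    for ip, recs in flagged.items():
        for rec in recs:
            path_sources[rec["path"]].add(ip)
    targeted = sorted(p for p, ips in path_sources.items() if len(ips) >= min_sources)
    return sorted(flagged), targeted


def sample_log():
    """Constructed log: four bots flooding /login, one scraper on /api/search,
    and one person browsing normally.  All addresses are documentation ranges."""
    t0 = datetime(2024, 5, 1, 12, 0, 0, tzinfo=timezone.utc)

    def line(ip, t, path, ua):
        return '%s - - [%s] "GET %s HTTP/1.1" 200 512 "-" "%s"' % (
            ip, t.strftime("%d/%b/%Y:%H:%M:%S %z"), path, ua)

    lines = []
    for ip in ["203.0.113.10", "203.0.113.11", "198.51.100.7", "192.0.2.44"]:
        for i in range(30):  # 30 requests in under 5 seconds
            lines.append(line(ip, t0 + timedelta(milliseconds=150 * i), "/login", "Mozilla/4.0"))
    for i in range(25):  # one fast client on its own: noisy, but not distributed
        lines.append(line("198.51.100.200", t0 + timedelta(milliseconds=300 * i),
                          "/api/search?q=x", "curl/8.0"))
    for i, path in enumerate(["/", "/about", "/contact", "/pricing"]):
        lines.append(line("192.0.2.9", t0 + timedelta(seconds=15 * i), path, "Mozilla/5.0"))
    return lines


if __name__ == "__main__":
    ips, paths = detect_flood(sample_log())
    print("clients over rate limit:", ips)
    print("paths under distributed load:", paths)
```

Run as a script it reports five clients over the limit but only /login as a path under distributed load; the lone curl client is rate-limited on its own, which is the right response to a scraper, while the shared target path is the signal that calls for upstream filtering rather than blocking addresses one at a time.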
Sometimes botnets are used for spam, with criminals using them as a vehicle for sending unwanted email messages, usually to all the contacts stored on the infected computers. Contact lists, however, are not the only information these cybercriminals exploit: the malware that turns a device into a bot often also lets them steal passwords, access codes, financial information such as credit card PINs, telephone numbers, email addresses, postal addresses and so on.
The main botnets in circulation today
Among the best-known and most dangerous botnets currently in circulation is Bobax; its involuntary 'members' number almost 25 thousand. It is a network that relies on Internet Explorer and communicates with its controllers over the HTTP protocol. Once installed on a computer it disables the machine's security features and sets up a powerful spam engine, while deliberately keeping its bandwidth use low so as to escape detection. Sometimes it also disables any antivirus installed on the computer.
The Rbot botnet currently infects 40 thousand PCs, which it uses to send spam and carry out distributed denial of service (DDoS) attacks, while Storm Worm, with between 200 thousand and a million 'members', uses P2P protocols and turns infected devices into hosts for malware sites. Both are very difficult to remove and continue to work silently and secretly every day, 'earning' huge sums for criminals who are becoming ever more specialised in their illicit craft.
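The low-bandwidth behaviour attributed to Bobax above is what makes a bot hard to find by traffic volume, but a bot that polls its controller over HTTP on a timer still betrays itself through the regularity of its connections. The script below is an added example, not code from the original article or from any of the botnets it names: it groups constructed proxy-log records by client and destination host and flags pairs whose connection intervals are nearly constant and whose requests are small. The host names, thresholds and jitter values are assumptions made for the demonstration.

```python
"""Spot low-and-slow beaconing to a command-and-control host.

Added example, not code from the original article or from any botnet it
names.  Records are constructed proxy-log tuples (unix_ts, client, host,
bytes_out); thresholds, host names and jitter values are assumptions.
"""
from collections import defaultdict
from statistics import mean, pstdev


def find_beacons(records, min_connections=8, max_cv=0.15, max_bytes=4096,
                 allowlist=frozenset()):
    """Return sorted (client, host, mean_gap_s, cv) for client/host pairs
    whose connections arrive at nearly constant intervals.

    cv is the coefficient of variation (stdev / mean) of the gaps between
    consecutive connections.  Human browsing is bursty (cv around 1 or more);
    a sleep loop with a few percent of jitter sits well under 0.2.  Small
    request sizes are what let the traffic hide from volume-based checks,
    so max_bytes keeps the focus on exactly that kind of traffic.
    """
    pairs = defaultdict(list)
    for ts, client, host, nbytes in records:
        if host not in allowlist:
            pairs[(client, host)].append((ts, nbytes))

    hits = []
    for (client, host), conns in pairs.items():
        if len(conns) < min_connections:
            continue
        conns.sort()
        gaps = [b[0] - a[0] for a, b in zip(conns, conns[1:])]
        mean_gap = mean(gaps)
        if mean_gap <= 0:
            continue
        cv = pstdev(gaps) / mean_gap
        avg_bytes = mean(n for _, n in conns)
        if cv <= max_cv and avg_bytes <= max_bytes:
            hits.append((client, host, round(mean_gap, 1), round(cv, 3)))
    return sorted(hits)


def sample_records():
    """Constructed proxy log: (unix_ts, client, host, bytes_out)."""
    t0 = 1_700_000_000
    rec = []
    # bot: one small GET roughly every 60 s, with a few seconds of jitter
    jitter = [0, 2, -1, 3, -2, 1, 0, -3, 2, 1, -1, 2]
    for i, j in enumerate(jitter):
        rec.append((t0 + 60 * i + j, "10.0.0.15", "cdn-status-check.example", 300))
    # legitimate updater on the same host: exactly every 15 minutes, also small
    for i in range(10):
        rec.append((t0 + 900 * i, "10.0.0.15", "updates.vendor.example", 220))
    # a person reading the news: irregular gaps, larger requests
    t = t0
    for gap in [0, 3, 1, 45, 2, 400, 1, 1, 1200, 5, 2]:
        t += gap
        rec.append((t, "10.0.0.22", "news.example", 1500))
    return rec


if __name__ == "__main__":
    for client, host, gap, cv in find_beacons(sample_records()):
        print(f"{client} -> {host}: every {gap}s, cv={cv}")
```

Note that the vendor update check is flagged alongside the bot: legitimate timer-driven traffic (update checks, monitoring agents, time sync) is the main source of false positives for this kind of check, which is why the function takes an allowlist and why a hit should be read together with the age and reputation of the destination. A bot that randomises its sleep widely pushes its cv above the threshold, so the threshold is a trade-off between catching jittered beacons and drowning in noise.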
How to protect against the risk of infection
In order to protect against the risk of infection, it is first of all essential to change the default credentials on routers, webcams, printers, smart appliances and so on. In addition, it is extremely important to install all available updates, to avoid using an administrator account for everyday work, to take the utmost care when downloading from third-party websites, to scan files downloaded from torrent trackers and to use only trusted security software.
To find out whether your devices are part of a botnet there are several methods: the first uses a page specially created by Kaspersky Lab, which lets you check whether your IP address is on the list of infected addresses. The second uses the Kaspersky Security Scan tool. (Both of these solutions are designed to identify the Simda botnet, which is used to spread illegal programs and a range of malware.) Bear in mind that an IP lookup only tells you whether the public address you are connecting from has been observed in that botnet's traffic: a clean result does not prove that the devices behind it are clean, and a shared or dynamic address can produce a hit that belongs to someone else.
That concludes our brief summary of botnets and bots: systems created by cybercriminals with the aim of spreading malware that obtains sensitive data, steals personal or business details, sends spam and, more generally, carries out illicit activities which can cause untold damage to unsuspecting users.
Translated by Joanne Beckwith
