You’ve probably heard of the word ‘botnet.’ It’s often used in conjunction with ‘zombies’ and ‘enslaved computers’ and paints a dystopian picture of the future in which remotely controlled computers rule the world.
The truth isn’t too far from this. A botnet is a collection of computers that have been remotely hijacked, irrespective of their location, to create a network of ‘zombie computers’ controlled by hackers.
Botnets really started making their mark in the early 2000s when financially motivated attackers took notice of the large number of unprotected computers and equally large number of users turning a blind eye to security.
So why do hackers create botnets?
Today, botnets can be enormous and have accounted for cyber fraud activity that can be counted in billions of stolen dollars.
A botnet is the difference between having one computer to do a hacking mission and having 10,000 computers. A cyber crook has simply got so much more computing power at their fingertips to:
- Attack other computers or to take down websites
- Send spam or phishing emails to millions of email addresses
- Deliver ransomware to hundreds of thousands of computers
- Send spyware, trojans and other types of malware
How are botnets created?
A hacker writes malware that, if it gets into your computer, allows it to be taken over remotely.
Criminals try to get the malware into your computer by exploiting flaws, such as those left by browser plugin updates that you’ve ignored, or by placing malicious links on websites. You click and the malware downloads, but you might not be aware of it.
When the malicious code executes on your computer, it uses the internet to make contact with the control computer that operates the botnet, often called a command and control server. Your computer periodically checks for instructions from the command and control server.
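The periodic check-in described above is also what defenders look for. The following is an added example, not part of the original article: it flags source/destination pairs whose outbound connections recur at a near-constant interval. The log format, the IP addresses and both thresholds are assumptions made for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample log: "epoch_seconds src_ip dst_ip", one outbound connection per line.
SAMPLE_LOG = """\
1000 192.0.2.10 198.51.100.7
1012 192.0.2.10 203.0.113.5
1300 192.0.2.10 198.51.100.7
1390 192.0.2.10 203.0.113.5
1601 192.0.2.10 198.51.100.7
1899 192.0.2.10 198.51.100.7
1950 192.0.2.10 203.0.113.5
2200 192.0.2.10 198.51.100.7
2502 192.0.2.10 198.51.100.7
2730 192.0.2.10 203.0.113.5
3100 192.0.2.10 203.0.113.5
"""

def parse(log_text):
    """Group connection timestamps by (source, destination) pair."""
    flows = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[0].isdigit():
            continue  # skip malformed lines rather than crash
        flows[(parts[1], parts[2])].append(int(parts[0]))
    return flows

def find_beacons(log_text, min_events=5, max_jitter=0.1):
    """Return [(src, dst, mean_interval_s, jitter)] for regular check-ins."""
    # jitter = coefficient of variation of the gaps between connections.
    # Both thresholds are assumptions; tune them against your own traffic.
    hits = []
    for (src, dst), times in parse(log_text).items():
        if len(times) < min_events:
            continue  # too few connections to judge regularity
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        jitter = pstdev(gaps) / avg if avg else float("inf")
        if jitter <= max_jitter:
            hits.append((src, dst, round(avg), round(jitter, 3)))
    return hits

if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        print("possible beacon:", hit)
```

Legitimate software such as update checkers also polls on a timer, so a hit is a lead to investigate, not proof of infection.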
Peer to peer botnets are used by cyber fraudsters to stop security researchers and authorities from identifying and stopping centralised command and control servers. To put it simply, in a peer to peer botnet the bots connect and communicate with each other in order to remove the need for a centralised server.
But even smart connected devices are now being exploited. Last year a piece of malware called Mirai (Japanese for future) was used to create an Internet of Things (IoT) botnet from connected cameras and digital video recorders.
Best-known botnets
The GameOver Zeus botnet was one of the most powerful ‘financial’ botnets ever seen. Designed to steal online banking credentials, it is estimated to have infected almost 4 million PCs in the US alone. It is believed to be responsible for the theft of millions of dollars from businesses and consumers around the world.
The Simda botnet infected more than 770,000 computers in over 190 countries. It was active for years and distributed pirated software and different types of malware, including stealing financial credentials.
The Storm botnet ranged anywhere from 250,000 to 50 million computers. First detected in 2007, it got its name from one of its earliest spam messages, “230 dead as storm batters Europe”, used as the subject line in emails that were hiding malware. Notable for being one of the first peer-to-peer botnets, it was known for enabling share price fraud and identity theft. Storm was partially shut down in 2008.
controlled in excess of 1.9 million computers around the world. It split its focus on click fraud and bitcoin mining. The botnet was reported to be consuming enough energy to power 111,000 homes every single day from all its infected computers.
The Mirai botnet surfaced last year. It consisted of compromised smart devices and was used to launch the largest distributed denial of service attacks the world has ever seen. It took down some major websites including Netflix and Twitter.
Botnets for hire
The cybercriminals who operate the botnet will likely sell it or rent it out to be used by other fraudsters. At some point the botnet will be activated and used to launch some type of attack.
Botnets for rent are big business in the cyber fraud underworld and they are typically rented out for as little as £15 per hour.
Today, it’s a fact that malware and botnet infrastructure dedicated to cyber-crime is a large commercial operation that’s not going anywhere.
What damage do botnets do?
- Distribute malware, ransomware or spyware to spy, steal and cheat people out of their personal and financial information, alongside blackmail
- Send out spam emails to hundreds of thousands of email addresses which have often been stolen from different organisations’ servers
- Launch distributed denial of service (DDoS) attacks on websites, companies or government agencies. The botnet is used to send so many requests for content that the server cannot cope and it essentially sinks under the weight of the requests
- Generate fake clicks on ads so the fraudsters can make large amounts of money
- Launch large phishing campaigns, for instance, emails that contain hidden malware
How to tell if your computer has been ‘enslaved’ into a botnet
There are some tell-tale signs that indicate your computer might have become part of a botnet:
- Your computer or internet connection is running slower than normal
- Your computer behaves erratically, for instance it crashes often and you receive unexplained error messages
- There is high network usage on your home network
- Your browser closes frequently and unexpectedly
- Sometimes your computer takes a long time to start or shut down
How to avoid becoming a part of a botnet
- Don’t click on suspicious links - you don’t know where they lead
- Don’t download attachments that you don’t recognise or never requested
- Use good antivirus and antispyware software
- Do a full, in-depth scan with your antivirus to make sure everything on your computer is clean
- Keep all your software up to date, especially your browser
What’s the future of botnets? It’s thingbots.
There are an estimated 2 billion personal computers in the world and botnet creators have certainly taken advantage of this by snaring millions of unsuspecting computer users.
But let’s put this in perspective. The Internet of Things (IoT) is upon us. Everything from cars to home appliances, watches and even children’s toys is being connected online. It is projected that by the year 2020, there will be more than 25 billion devices connected to the Internet.
Those numbers alone are enough to attract cybercriminals’ attention, but what is more relevant is that these devices mean more data to steal, more systems to take over and more money to be made.
This rise of IoT will bring another evolution in malware in the form of thingbots. Thingbots are botnets composed of infected IoT devices. We’ve already seen the Mirai botnet and this is just the start.
Compromised IoT devices can be controlled to launch attacks, steal sensitive data or facilitate other malicious activities. We have already seen a few of these in the last couple of years.
What is alarming about IoT is the painful lack of security on many devices. It’s an open invitation for cyber crooks and as such you can bet your latest smart device that thingbots will definitely become a thing.