The Botnet Business
by Vitaly Kamluk - Kaspersky Lab - Wednesday, 28 May 2008.
Botnets have been in existence for about 10 years; experts have been warning the public about the threat posed by botnets for more or less the same period. Nevertheless, the scale of the problem caused by botnets is still underrated and many users have little understanding of the real threat posed by zombie networks (that is, until their ISP disconnects them from the Internet, or money is stolen from their credit cards, or their email or IM account is hijacked).

What is a botnet?

First of all, we need to understand what a botnet or zombie network is. A botnet is a network of computers made up of machines infected with a malicious backdoor program. The backdoor enables cybercriminals to remotely control the infected computers, whether that means controlling an individual machine, a subset of the computers making up the network, or the entire network.

Malicious backdoor programs that are specifically designed for use in creating botnets are called bots. Botnets have vast computing power. They are used as a powerful cyber weapon and are an effective tool for making money illegally. The owner of a botnet can control the computers which form the network from anywhere in the world – from another city, country or even another continent. Importantly, the Internet is structured in such a way that a botnet can be controlled anonymously.

Computers infected with a bot can be controlled either directly or indirectly. When bots are controlled directly, the cybercriminal establishes a connection with an infected computer and manages it using commands built into the bot program. In the case of indirect control, the bot connects to the control center or to other machines on the network, sends a request, and then executes the command that is returned.

The owner of an infected machine usually does not even suspect that the computer is being used by cybercriminals. This is why computers infected with bot malware and which are surreptitiously controlled by cybercriminals are also called zombies. The networks formed from infected machines can be called zombie networks. Most zombie machines are home users' PCs.

How are botnets used?

Botnets can be used by cybercriminals to conduct a wide range of criminal activity, from sending spam to attacking government networks.

Sending spam is the most common use for botnets, and is also one of the simplest. Experts estimate that over 80% of spam is sent from zombie computers. It should be noted that spam is not always sent by botnet owners: botnets are often rented by spammers. It's the spammers who understand the real value of botnets. According to our data, an average spammer makes $50,000 – $100,000 a year. Botnets made up of thousands of computers allow spammers to send millions of messages from infected machines within a very short space of time. In addition to speed and the sheer volume of spam that can be sent, botnets provide spammers with one more advantage. Addresses used to send spam are often blacklisted, and messages coming from these addresses will be blocked or automatically flagged as spam by mail servers. Using hundreds of thousands of email addresses ('borrowed' from the owners of zombie computers) helps spammers overcome this problem. Another botnet 'bonus' for spammers is the opportunity to harvest email addresses from infected computers. Stolen addresses are sold to spammers or used by the botnet owners themselves to send spam. A growing botnet will add more and more new addresses to the harvest.
