Anonymous Internet access. Cybercriminals can access web servers using zombie machines and commit cybercrimes such as hacking websites or transferring stolen money. This activity, of course, appears to come from the infected machines.
Selling and leasing botnets. One option for making money illegally using botnets is based on leasing them or selling entire networks. Creating botnets for sale is also a lucrative criminal business.
Phishing. Addresses of phishing pages are often blacklisted soon after they appear. A botnet allows phishers to change the addresses of phishing pages frequently, using infected computers as proxy servers. This helps conceal the real address of the phishers' web server.
Theft of confidential data. This type of criminal activity will probably never lose its attraction for cybercriminals. Botnets help increase the haul of passwords (passwords to email and ICQ accounts, FTP resources, web services etc.) and other confidential user data by a factor of a thousand. A bot used to create a zombie network can download another malicious program, e.g., a password stealing (PSW) Trojan, and infect all the computers on the botnet with it, providing cybercriminals with passwords from all the infected computers. Stolen passwords are sold or used for mass infections of web pages (in the case of FTP account passwords) in order to further spread the bot program and expand the zombie network.
Bots can carry out a wide range of commands, but the most common ones are listed below. Command names can vary from one bot implementation to another, but the functions performed remain the same.
Update: download and launch a designated executable file or module from a specific server. This is a basic command and is the first to be executed. It is used to update a bot's executable file at the command of the zombie network owner if the owner wants to install a new version of the bot program. It can also be used to infect the computer with other malicious programs (such as viruses or worms) and install other bots on the computer. Using this command, PSW Trojans can be installed on all computers that make up the botnet at the same time in order to find all the passwords ever entered on each computer and stored in its memory. The passwords will be sent to a server on the Internet.
Flood: start creating a stream of false requests to a specific Internet server in order to make it fail or to overload channels in a specific segment of the Internet. Such streams can cause servers to malfunction, making them inaccessible to ordinary users. Such attacks using botnets are called DDoS (distributed denial of service). Although there are numerous methods that can be used to create false network requests, describing them in detail is beyond the scope of this article.
Spam: download a spam message template and begin sending spam to designated addresses (each bot is assigned a set of addresses).
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.