Bots can carry out a wide range of commands, but the most common ones are listed below. Command names can vary from one bot implementation to another, but the functions performed remain the same.
Update: download and launch a designated executable file or module from a specific server. This is a basic command and is the first to be executed. It is used to update a bot's executable file at the command of the zombie network owner if the owner wants to install a new version of the bot program. It can also be used to infect the computer with other malicious programs (such as viruses or worms) and install other bots on the computer. Using this command, PSW Trojans can be installed on all computers that make up the botnet at the same time in order to find all the passwords ever entered on each computer and stored in its memory. The passwords will be sent to a server on the Internet.
Flood: start creating a stream of false requests to a specific Internet server in order to make it fail or to overload channels in a specific segment of the Internet. Such streams can cause servers to malfunction, making them inaccessible to ordinary users. Such attacks using botnets are called DDoS (distributed denial of service). Although there are numerous methods that can be used to create false network requests, describing them in detail is beyond the scope of this article.
Spam: download a spam message template and begin sending spam to designated addresses (each bot is assigned a set of addresses).
Proxy: use the computer as a proxy server. This function is often included in a bot's core functionality rather than being implemented as a separate command. This feature makes it possible to use any computer which is part of a botnet as a proxy server in order to conceal the real address of the cybercriminal controlling the botnet.
Other commands, which are not as popular as those described above, are only implemented in some bots. These additional commands include making screenshots, logging keystrokes, requesting the user's network activity log file (used for stealing accounts and confidential data), sending this file from the user's computer, identifying serial numbers for the software installed on the user's computer, obtaining detailed information about the user's system and network environment, requesting a list of computers included in the botnet, etc.
Types of botnet
Today's botnet classification is relatively simple, and uses botnet architecture the protocols used to control bots as a basis.
Classification of botnets according to architecture
There are currently only two known types of botnet architecture.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.