Botnets – the dark side of the Internet

  • May 3, 2007
  • 6 min read

If your PC seems to have developed a mind of its own, and your Internet connection is often overloaded for no apparent reason, then you have probably caught a special type of Trojan. Inventive Malware programmers often control hundreds, and sometimes thousands, of computers with their software pests. These are known as Botnets and this article explains what exactly these are, what risks they present, and how you can protect yourself from them.

The term “Trojan” from Greek mythology represents the same principle in the computer world as the large wooden horse in the mythological story. In this case we are not describing soldiers who want to overcome unscalable walls but rather Malware that wants to hide within the operating system of your computer. In Troy, the residents could not resist the temptation and pulled the wooden horse into the city. The software equivalent also pretends to have a different purpose, in order to convince you to run a program. The temptation is often in the form of pornographic content, illegally copied software, or a dubious email attachment. However, supposed naked pictures of female pop stars can often conceal a Trojan that can take control of your computer after being run only once.

There are basically two types of Trojan. While previous infections usually only affected single computers, increasing numbers of increasingly fast Internet connections have led to the development of new Trojans capable of rapidly infecting hundreds or thousands of computers and which often achieve this target through the naivety and lack of caution of the users. Examples of this type of Trojan are Phatbot, Agobot, SDBot or RxBot, and innumerable derivatives of these. Attentive readers may have noticed the “-bot” ending used in this article, especially in the title. The term “Bot” describes a computer infected with a Trojan that unquestioningly accepts commands from someone else than the actual owner.

As already described, suitable victims are sadly all too easy to find, resulting in not just a single infected system but an entire network of infected computers. In technical jargon, these are called “Botnets” (roBOT NETworks). Botnets are virtual networks of infected systems that receive commands from a server in different ways, depending on their type. IRC is most often used as the communications medium. IRC is a Chat protocol, the so-called Internet Relay Chat. IRC is a pure real-time communications protocol and is harmless in itself, however it now has a somewhat negative reputation as a result of its use by Botnets. Communication under IRC occurs using Channels, in a similar manner to radio.

Additional components are often downloaded to an infected computer once it has logged-in to its pre-defined IRC server. These extra components can include mechanisms for camouflage, for switching off Malware scanners, or other virus-like modules. Once fully installed, the Bots then follow the commands of the Botnet owner – usually beginning with the search for new victims.

Bots do not always spread through the careless behavior of PC owners, but also among each other. This is done by exploiting weak points in the operating system or in specific applications and this is no longer a problem exclusive to Windows. The main focus is still clearly on Windows systems but the risks of becoming part of a Botnet are also increasing for (e.g.) Linux hosts. Linux servers with an installed IRC server can be compromised and the IRC server used as the core element of a Botnet

The potential dangers

Unfortunately, the prevalent opinion of most users seems to be that it does not matter if the home PC is infected with Malware or not – as long as it seems to continue operating properly. These users usually never even consider the fact that other users may be damaged by this and that the owner of the computer is an accomplice to the crime without realizing it. Malware was previously programmed to illustrate the capabilities of the author. Paradoxically, very malicious and effective Malware is usually exceptionally well and efficiently programmed – after all, it should remain undetected and not fall victim to the security software.

However, the massive growth of the Internet has provided new sources of income for Malware programmers. This relates not only to the illegal distribution of the pest but to much more criminal intentions of providing income for the Botnet operators. The possibilities are worrying and combined with the lack of protection and the lack of caution shown by many users this is a very threatening situation. For example, the “owner” of a Botnet can carry out one or more of the following actions:

While reading this article, we hope that you are not thinking “this does not really affect me”. Most PC owners do not realize that their computer is infected. This is logical – you are not supposed to notice this type of infection. If we believe a report from the BBC, then 100 to 150 million of the 600 million Internet PCs worldwide are infected with Bots – about one quarter of all Internet PCs. We wish to explicitly repeat the fact that the abovementioned activities are all highly illegal and that the owner of the system carries the full responsibility for these activities. This brings to mind the well-known phrase – “Ignorance is not an excuse”.

What is the best way for me to protect myself?

There are a few simple ground rules and mechanisms for protecting yourself and your data. If you follow these procedures you will greatly reduce the likelihood of becoming infected.

Have a Great (Malware-Free) Day!

What to read next

Reader Comments