Explaining Botnets
If one were to ask people what the most annoying thing they experience on the internet is, it’s safe to assume that most would name spam as their No. 1 annoyance. The main driver for spam is obviously money: people are either paid to run spam campaigns or, in some cases, an unscrupulous party uses spam as a form of free marketing.
In the past, spammers relied on badly configured email servers to send their spam; nowadays, however, open relays (mail servers that send out emails regardless of the source) are very rare, so spammers rely on botnets to deliver their emails, among other things. A botnet is built from a piece of malware (a bot) that, when it infects a victim, contacts a centralized command-and-control system and waits for commands to execute. In many cases the infected machines are then instructed to send spam campaigns whenever the attackers need them.
When a particular botnet gains notoriety and grows large enough, a company such as Microsoft might take legal action to shut down its command and control infrastructure; however, even then the infected machines remain infected, and if the botnet’s owners restore that infrastructure the whole botnet becomes fully operational once again.
How does a botnet spread?
Bot malware spreads like any other malware: as the payload of a virus or Trojan, or by social engineering the victim into running a bot attached to an email or hosted on a malicious website.
Protecting against a botnet is the same as protecting against other malware: keep your Windows installation up to date and ensure you have an antivirus solution that is fully up to date and, ideally, not only scans the files on your hard drive but also scans incoming email and files accessed through the web.
Additional protection can be had from a solution that detects, warns about or blocks user access to disreputable websites known to distribute malware.
Why are botnets dangerous?
Botnets are generally pretty insidious: once infected, your computer becomes part of a whole network of other infected computers waiting for instructions from the malicious person controlling the botnet. Botnets are generally hard to detect in that they lie dormant until triggered.
Botnets can be used in various ways, opening your business up to an attacker. They can be rented out to other malicious parties in need of a large number of computers to run spam campaigns or launch denial of service attacks.
They can be used by the attacker to spy on their victims, stealing their credentials, or even to hijack banking transactions, stealing money while the victims are using their online banking system. The botnet owner can also potentially steal confidential documents and source code using a botnet.
Botnets can be quite a headache: they can use your computer resources to send spam, spy on their victims or launch denial of service attacks against unsuspecting victims. These activities can end up costing the business time and money (in consumed resources and stolen money or intellectual property), as well as possibly landing you in legal trouble if the receiving end of the attack decides to take legal action against its attackers without realizing that the apparent attacker is in fact a victim like them.
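A dormant bot still has to check in with its command system to wait for instructions, and that regular check-in is one thing a defender can look for. The following is an added example, not code from the original post: it parses constructed outbound-connection log lines (the format and addresses are made up for illustration) and flags source/destination pairs whose connection intervals are nearly constant, on the assumption that a bot polls its controller on a fixed timer while ordinary user traffic is bursty.

```python
import re
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample firewall/proxy log lines (not from the original post).
# Format: <epoch seconds> <src ip> -> <dst ip>:<port>
SAMPLE_LOG = """\
1700000000 10.0.0.5 -> 203.0.113.9:443
1700000300 10.0.0.5 -> 203.0.113.9:443
1700000601 10.0.0.5 -> 203.0.113.9:443
1700000899 10.0.0.5 -> 203.0.113.9:443
1700001200 10.0.0.5 -> 203.0.113.9:443
1700000012 10.0.0.7 -> 198.51.100.20:443
1700000100 10.0.0.7 -> 198.51.100.20:443
1700002000 10.0.0.7 -> 198.51.100.20:443
1700002037 10.0.0.7 -> 198.51.100.20:443
1700009000 10.0.0.7 -> 198.51.100.20:443
"""

LINE_RE = re.compile(r"^(\d+) (\S+) -> (\S+):(\d+)$")

def parse_log(text):
    """Group connection timestamps by (source, destination:port)."""
    flows = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the assumed format
        ts, src, dst, port = m.groups()
        flows[(src, f"{dst}:{port}")].append(int(ts))
    return flows

def find_beacons(flows, min_events=4, max_jitter=0.1):
    """Return flows whose gaps between connections are nearly constant.
    Jitter is the coefficient of variation (stdev / mean) of the gaps."""
    suspects = {}
    for key, times in flows.items():
        if len(times) < min_events:
            continue  # too few connections to judge regularity
        times = sorted(times)
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg == 0:
            continue  # all connections at the same instant; not a timer
        cv = pstdev(gaps) / avg
        if cv <= max_jitter:
            suspects[key] = {"interval_s": round(avg), "jitter": round(cv, 3)}
    return suspects
```

The host 10.0.0.5 in the sample is reported as checking in every ~300 seconds with almost no jitter, while 10.0.0.7's irregular connections are not flagged; on real logs the thresholds need tuning against legitimate timed traffic such as update checks.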
It is very much worth the time and effort to secure your environment as much as possible and avoid these potential pains.
Good advice, it’s staggering to think how many people are unwittingly part of a botnet without even realizing it. I think if more people were aware of the enormity of the risks and how common botnet infection is, they wouldn’t be so reckless with their computer security. Is there any legal precedent for those infected with a botnet being included as a defendant for legal action?
Off the top of my head I am not aware of actual legal action against victims of botnets; however, these things can be tricky in that when such legal action is taken the victim will be sued for the action taken by the botnet (DDOS attack, hacking attempts etc.), so it might be tricky to find such examples.
I am, however, aware of a case where a botnet introduced a malware onto a victim’s computer, the malware piggybacked a legitimate transaction on the online bank of the victim and transferred the money from that account to the attacker’s account. The bank was unable to reverse the transfer and refused to refund the victim, claiming that it was their responsibility to keep their computer safe.
Botnets are NOT only dangerous, they are also financial disasters. Many small, medium, and large businesses are the favorite targets of botnets for an obvious reason – to steal sensitive information and data and sell it to others (to competitors, spammers, etc).
As a business owner myself, updating your OS, virus database, and programs to the latest version will not be enough. You must be vigilant and knowledgeable also.
If you have or if you are running a company (whether it’s small, medium, or large), you must hire an excellent network administrator and / or IT manager. They may be expensive, but I always believe that prevention is better than cure.
Yes, I agree, Tiffany, preventing one intrusion will probably pay for any extra cost you might ever incur in hiring a good network administrator!
At least botnets should be relatively easy to catch – they are so noisy (i.e. they use so many resources) that one must be blind not to notice them. This isn’t unimportant, bearing in mind how stealthy some of the other dangerous types of malware are.