The IT Law Wiki
Definition

A botnet (a contraction of the term “RoBOT NETwork”) is

[a] network of remotely controlled systems used to coordinate attacks and distribute malware, spam, and phishing scams.[1]

Overview

A 2006 industry report indicated that nearly 12 million computers around the world were compromised by bots.[2] Researchers suggest an average of about 4 million new botnet infections occur every month.[3] Typically, users whose computers have been conscripted into a botnet are unaware that their computers have been compromised.

Hundreds or thousands of these infected computers can operate in concert to disrupt or block Internet traffic for targeted victims, harvest information, or to distribute spam, viruses, or other malicious code (called collectively "Botnet code"). The attack value of a botnet arises from the sheer number of computers that an attacker can control.

Botnets are becoming a major tool for cybercrime, partly because they can be designed to very effectively disrupt targeted computer systems in different ways, and because a malicious user, without possessing strong technical skills, can initiate these disruptive effects in cyberspace by simply renting botnet services from a cybercriminal. Botnets have been described as the “Swiss Army knives of the underground economy” because they are so versatile.

How they work

Traditionally, botnets organized themselves in a hierarchical manner, with a central command and control (C&C) location (sometimes dynamic) for the botmaster. Intruders exploit security flaws in the hardware and/or software used by individual consumers, and they install malicious software that connects the consumer's computer into a remotely controlled network of many computers.

Once compromised, the infected computers are instructed to communicate with the command and control server and follow whatever instructions are received. By relaying commands through the C&C, the bot herder is able to remotely control a vast network of compromised computers, and use those computers for a variety of nefarious purposes, including the sending of spam, the distribution of malicious software, click fraud, and denial of service attacks.[4]
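The "call home" behaviour described above is also what defenders look for. Bots poll their C&C server on a fixed schedule, so outbound connection logs show several internal hosts contacting the same destination at near-regular intervals. The following is an added example, not code from the IT Law Wiki or from any cited report; the log lines are constructed for illustration, and the host names, addresses and thresholds (minimum four events, coefficient of variation below 0.1, at least two hosts) are assumptions, not values taken from the page.

```python
"""Beacon detection over constructed outbound connection logs.

Added example (not from the original page). Flags host->destination flows
whose inter-connection intervals are nearly constant, then groups flagged
flows by destination to surface a C&C candidate.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log: "<ISO timestamp> <src_host> <dst> <bytes>".
# Addresses are documentation ranges; nothing here is a real indicator.
SAMPLE_LOG = """\
2024-03-01T10:00:00 ws-01 203.0.113.7:8080 412
2024-03-01T10:00:03 ws-01 198.51.100.20:443 9021
2024-03-01T10:05:00 ws-01 203.0.113.7:8080 415
2024-03-01T10:10:01 ws-01 203.0.113.7:8080 410
2024-03-01T10:15:00 ws-01 203.0.113.7:8080 418
2024-03-01T10:20:00 ws-01 203.0.113.7:8080 411
2024-03-01T10:00:30 ws-02 203.0.113.7:8080 409
2024-03-01T10:05:31 ws-02 203.0.113.7:8080 413
2024-03-01T10:10:30 ws-02 203.0.113.7:8080 412
2024-03-01T10:15:29 ws-02 203.0.113.7:8080 414
2024-03-01T10:20:30 ws-02 203.0.113.7:8080 410
2024-03-01T10:01:12 ws-03 198.51.100.20:443 15000
2024-03-01T10:09:40 ws-03 198.51.100.20:443 2200
2024-03-01T10:17:05 ws-03 198.51.100.20:443 70311
2024-03-01T10:33:59 ws-03 198.51.100.20:443 940
"""


def parse_log(text):
    """Parse the constructed log format into (timestamp, host, dst, bytes) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, dst, nbytes = line.split()
        records.append((datetime.fromisoformat(ts), host, dst, int(nbytes)))
    return records


def find_beacons(records, min_events=4, max_cv=0.1):
    """Return {(host, dst): mean_interval_seconds} for flows whose gaps between
    connections are nearly constant. Regularity, not byte volume, is the signal:
    the human-driven ws-03 flow is noisy and is not flagged."""
    by_flow = defaultdict(list)
    for ts, host, dst, _ in records:
        by_flow[(host, dst)].append(ts)
    beacons = {}
    for flow, stamps in by_flow.items():
        if len(stamps) < min_events:
            continue
        stamps.sort()  # lines from different hosts interleave in the raw log
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg < max_cv:
            beacons[flow] = avg
    return beacons


def candidate_c2(beacons, min_hosts=2):
    """Group beaconing flows by destination. A destination that several internal
    hosts beacon to on the same schedule is the C&C candidate (assumed threshold)."""
    hosts_by_dst = defaultdict(list)
    for (host, dst) in beacons:
        hosts_by_dst[dst].append(host)
    return {dst: sorted(hosts) for dst, hosts in hosts_by_dst.items()
            if len(hosts) >= min_hosts}


if __name__ == "__main__":
    found = find_beacons(parse_log(SAMPLE_LOG))
    for (host, dst), interval in sorted(found.items()):
        print(f"{host} -> {dst}: every {interval:.0f}s")
    for dst, hosts in candidate_c2(found).items():
        print(f"C&C candidate {dst}: {', '.join(hosts)}")
```

Real bot software commonly adds random jitter to its polling interval, which widens the spread of the gaps; in practice the coefficient-of-variation threshold is loosened and combined with other features (similar request sizes, low-reputation destination, many hosts sharing one destination) rather than used alone.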

However, security experts believe that attackers may in the near future use new botnet architectures that are more sophisticated, and more difficult to detect and trace. One class of botnet architecture that is beginning to emerge uses a peer-to-peer protocol, which, because of its decentralized control design, is expected to be more resistant to strategies for countering its disruptive effects. A well-designed peer-to-peer botnet may be nearly impossible to shut down as a whole because it may provide anonymity to the controller, who can appear as just another node in the bot network.

Some botnet owners reportedly rent their huge networks for US$200 to $300 an hour, and botnets are becoming the weapon of choice for fraud and extortion.[5] Newer methods are evolving for distributing “bot” software that may make it even more difficult in the future for law enforcement to identify and locate the originating botmaster.

Some studies show that authors of software for botnets are increasingly using modern, open-source techniques for software development, including the collaboration of multiple authors for the initial design, new releases to fix bugs in the malicious code, and development of software modules that make portions of the code reusable for newer versions of malicious software designed for different purposes. This increase in collaboration among hackers mirrors the professional code development techniques now used to create commercial software products, and is expected to make future botnets even more robust and reliable. This, in turn, is expected to help increase the demand for malware services in future years.[6]

Criminal conduct

The rise of botnets has been described by security experts as the most serious security threat facing the Internet.[7] Among other harms, experts estimate that botnets are responsible for approximately 85% of spam sent worldwide.[8] Operating a botnet is illegal, and in many cases, punishable as a felony.[9]

Once a computer is compromised, its owner is put at risk. Criminals have the ability to access personal information stored on the computer and communications made with the computer. Criminals can exploit this information for identity theft, privacy violations, and other crimes, as well as utilize the impacted users' computing power and Internet access. Networks of these compromised computers can be used to store and transfer illegal content, and attack the servers of government and private entities with distributed denial-of-service attacks.

Click fraud is another potential illegal use for a botnet.[10] Click fraud is a crime in many jurisdictions, including California, where it is a felony.[11]

An OECD report[12] identified the following as typical criminal uses of a botnet:

  1. Locate and infect other information systems with bot programmes (and other malware). This functionality in particular allows attackers to maintain and build their supply of new bots to enable them to undertake the functions below. . . .
  2. Conduct distributed denial of service attacks (DDoS).
  3. As a service that can be bought, sold or rented out.
  4. Rotate IP addresses under one or more domain names for the purpose of increasing the longevity of fraudulent web sites, . . . for example host phishing and/or malware sites.
  5. Send spam which in turn can distribute more malware.
  6. Steal sensitive information from each compromised computer that belongs to the botnet.
  7. Hosting the malicious phishing site itself, often in conjunction with other members of the botnet to provide redundancy.
  8. Many botnet clients allow the attacker to run any additional code of their choosing, making the botnet client very flexible to adding new attacks.
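Item 4 in the OECD list, rotating the addresses behind a phishing or malware domain so the site survives individual bot takedowns, shows up in DNS as a name whose answers keep changing across many unrelated networks with short TTLs. The following is an added example, not from the IT Law Wiki or the OECD report; the DNS answers are constructed, the domain names and addresses are made up, and the thresholds (six or more distinct addresses, three or more /16 prefixes, TTL of 300 seconds or less) are assumptions. The /16 prefix is used here as a crude stand-in for network-of-origin diversity; a production check would use ASN lookups instead.

```python
"""Fast-flux style address rotation over constructed DNS answers.

Added example (not from the original page). Per queried name it counts
distinct A records, distinct /16 prefixes (assumed proxy for ASN diversity)
and the mean TTL, then flags names that rotate widely with short TTLs while
leaving a CDN-like name (many answers, one network) alone.
"""
from collections import defaultdict
from statistics import mean

# Constructed sample: "<ISO time> <qname> <ttl> <comma-separated A records>".
SAMPLE_DNS = """\
2024-03-01T10:00:00 login-verify.example 180 198.51.100.4,203.0.113.9,192.0.2.17
2024-03-01T10:03:00 login-verify.example 180 203.0.113.44,198.18.5.2,192.0.2.200
2024-03-01T10:06:00 login-verify.example 180 198.19.77.1,203.0.113.9,198.51.100.90
2024-03-01T10:09:00 login-verify.example 180 192.0.2.17,198.18.9.9,203.0.113.130
2024-03-01T10:00:00 static.cdn.example 60 198.51.100.10,198.51.100.11
2024-03-01T10:05:00 static.cdn.example 60 198.51.100.12,198.51.100.10
2024-03-01T10:10:00 static.cdn.example 60 198.51.100.11,198.51.100.13
2024-03-01T10:00:00 intranet.example 86400 192.0.2.50
"""


def parse_dns(text):
    """Parse the constructed format into (qname, ttl, [ip, ...]) tuples."""
    answers = []
    for line in text.splitlines():
        if not line.strip():
            continue
        _ts, qname, ttl, ips = line.split()
        answers.append((qname, int(ttl), ips.split(",")))
    return answers


def prefix16(ip):
    """First two octets of a dotted-quad address (assumed proxy for origin network)."""
    return ".".join(ip.split(".")[:2])


def flux_stats(answers):
    """Return {qname: {"ips": n_distinct, "prefixes": n_distinct_16, "ttl": mean_ttl}}."""
    ips_seen = defaultdict(set)
    ttls = defaultdict(list)
    for qname, ttl, ips in answers:
        ips_seen[qname].update(ips)
        ttls[qname].append(ttl)
    return {
        q: {
            "ips": len(ips_seen[q]),
            "prefixes": len({prefix16(ip) for ip in ips_seen[q]}),
            "ttl": mean(ttls[q]),
        }
        for q in ips_seen
    }


def flagged(stats, min_ips=6, min_prefixes=3, max_ttl=300):
    """Names that rotate through many addresses across several networks with
    short TTLs (assumed thresholds). A CDN also rotates with short TTLs, but its
    answers stay within the provider's own ranges, so the prefix check excludes it."""
    return sorted(
        q for q, s in stats.items()
        if s["ips"] >= min_ips and s["prefixes"] >= min_prefixes and s["ttl"] <= max_ttl
    )


if __name__ == "__main__":
    stats = flux_stats(parse_dns(SAMPLE_DNS))
    for q, s in sorted(stats.items()):
        print(f"{q}: {s['ips']} addrs over {s['prefixes']} /16s, mean TTL {s['ttl']:.0f}s")
    print("flux candidates:", flagged(stats))
```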

References

  1. Defense Department Cyber Efforts: DOD Faces Challenges In Its Cyber Activities, at 14.
  2. See McAfee Virtual Criminology Report: Organised Crime and the Internet (Dec. 2006).
  3. See McAfee Quarterly Threat Report 2nd Quarter 2011.
  4. Id.; CERT Coordination Center, Botnets as a Vehicle for Online Crime, at 7-16.
  5. Susan MacLean, "Report warns of Organized Cyber Crime," ItWorldCanada, Aug. 26, 2005.
  6. McAfee Virtual Criminology Report: Organized Crime and the Internet (Dec. 2006).
  7. See, e.g., Tim Ferguson, Security Experts: Botnets Biggest Threat on Net, ZDNet UK, Apr. 11, 2008.
  8. See, e.g., Marshall8e6, Are Bots About to Bring Down Your Business? at 2.
  9. See 18 U.S.C. §1030.
  10. See, e.g., Stefanie Olsen, Exposing Click Fraud, CNET News.
  11. See Cal. Penal Code §502.
  12. Malicious Software (Malware): A Security Threat to the Internet Economy, at 23.

External links

  • CERT Coordination Center, "Botnets as a Vehicle for Online Crime," at 11, 20 (full-text).
  • Jaideep Chandrashekar, Carl Livadas, Steve Orrin & Eve Schooler, "The Dark Cloud: Understanding and Defending Against Botnets and Stealthy Malware" (Aug. 4, 2009) (full-text).
