Understanding botnet or zombie army
A botnet is a number of Internet computers that, although their owners are unaware of it, have been set up to forward transmissions (including spam or viruses) to other computers on the Internet. Any such computer is referred to as a zombie – in effect, a computer “robot” or “bot” that serves the wishes of some master spam or virus originator. Most computers compromised in this way are home-based. A botnet is also known as a zombie army.
According to a report from Russia-based Kaspersky Labs, botnets — not spam, viruses, or worms — currently pose the biggest threat to the Internet. A report from Symantec came to a similar conclusion. Computers that are co-opted to serve in a zombie army are often those whose owners fail to provide effective firewalls and other safeguards. An increasing number of home users have high-speed connections for computers that may be inadequately protected.
A zombie or bot is often created through an Internet port that has been left open and through which a small Trojan horse program can be left for future activation. At a certain time, the zombie army “controller” can unleash the effects of the army by sending a single command, possibly from an Internet Relay Chat (IRC) site. The computers that form a botnet can be programmed to redirect transmissions to a specific computer, such as a Web site that can be closed down by having to handle too much traffic – a distributed denial-of-service (DDoS) attack – or, in the case of spam distribution, to many computers.
The motivation for a zombie master who creates a DDoS attack may be to cripple a competitor. The motivation for a zombie master sending spam is the money to be made. Both rely on unprotected computers that can be turned into zombies.
As the spam market has become profitable, and ISPs usually discontinue service to subscribers who send spam, botnets were found to be an effective resource for sending spam. Furthermore, many compromised computers contain address books of email addresses which can be incorporated into the list of addresses to send spam to. Zombies that are not actively sending spam at any point in time can be configured to scrape the web looking for new email addresses to spam, adding further value to the botnet.
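The two behaviours described above, a zombie mailing many destinations directly and a zombie holding a connection to an IRC server for commands, are visible in outbound flow logs. The following is an added detection example, not code from the original article; the log format, addresses, relay allow-list and threshold are all assumptions made for illustration.

```python
from collections import defaultdict

SMTP_PORT = 25
IRC_PORTS = set(range(6660, 6670)) | {6697}  # conventional IRC ports
MAIL_RELAYS = {"192.168.1.2"}    # assumed: hosts allowed to send mail directly
SMTP_FANOUT_THRESHOLD = 5        # assumed: distinct SMTP destinations per window

# Constructed sample flow records: "timestamp src_ip dst_ip dst_port".
SAMPLE_FLOWS = "\n".join(
    [f"2024-01-01T10:00:{i:02d} 192.168.1.23 203.0.113.{i} 25" for i in range(1, 7)]
    + [f"2024-01-01T10:00:{i:02d} 192.168.1.2 198.51.100.{i} 25" for i in range(1, 9)]
    + [
        "2024-01-01T10:01:00 192.168.1.23 192.0.2.50 6667",
        "2024-01-01T10:01:05 192.168.1.40 198.51.100.9 25",
        "2024-01-01T10:01:09 192.168.1.10 198.51.100.80 443",
        "garbled line",
    ]
)

def parse_flows(text):
    """Yield (src, dst, port) tuples, skipping malformed records."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue
        _, src, dst, port = parts
        yield src, dst, int(port)

def find_suspect_hosts(text):
    """Map each suspicious internal host to the reasons it was flagged."""
    smtp_dsts = defaultdict(set)
    irc_dsts = defaultdict(set)
    for src, dst, port in parse_flows(text):
        if port == SMTP_PORT and src not in MAIL_RELAYS:
            smtp_dsts[src].add(dst)   # a workstation talking SMTP directly
        elif port in IRC_PORTS:
            irc_dsts[src].add(dst)    # possible command channel
    findings = {}
    for src in sorted(set(smtp_dsts) | set(irc_dsts)):
        reasons = []
        if len(smtp_dsts.get(src, ())) >= SMTP_FANOUT_THRESHOLD:
            reasons.append("smtp-fanout")
        if irc_dsts.get(src):
            reasons.append("irc-connection")
        if reasons:
            findings[src] = reasons
    return findings

if __name__ == "__main__":
    for host, reasons in find_suspect_hosts(SAMPLE_FLOWS).items():
        print(host, ", ".join(reasons))
```

Either signal alone is weak (people do use IRC, and one SMTP destination may be a misconfigured mail client); a host showing both is worth isolating and examining.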
A secondary objective of the botnet is to find and compromise additional computers. While this is not considered a primary objective in and of itself, the expansion of the botnet via assimilation of new computers helps it perform the primary objectives more efficiently. Thus, this secondary objective is often the bulk of a botnet’s tasks. Many computer networks, especially those using Microsoft Windows computers running the default settings, inherently trust other computers on the same network. Thus, a single compromised machine on such a network constitutes an attack vector against other machines on the network. Other secondary botnet objectives include website advertisement clicking, web browser toolbar installations, keylogging, and social bookmarking poll manipulation.
Botnets are used as a weapon in online crime. Through spam, phishing attacks, virus propagation, and now click fraud, these networks are an increasing threat to the Internet.
Symantec’s latest Internet Security Threat Report indicates that bot networks now dominate the threat landscape. Symantec identified an average of 9,163 bot-infected computers per day from June to December 2005. The U.S. accounted for 26 percent of the world’s bot-infected computers, higher than any other country.
Dealing with botnets is not an easy task because these networks are an illegal collection of hundreds, thousands, tens of thousands or even hundreds of thousands of compromised computers all being controlled with a common infrastructure by a master crook. One botnet in Holland was reported to consist of 1.5 million machines all under one group’s control.

