Botnets are networks of computers infected with remote-controlled software that allows a hacker to run automated programs. They are used for spamming, phishing, DDoS attacks, and click-fraud. Botnets are a major source of crime on the internet and are on the rise, with the US being the hardest hit country. Anti-rootkit software can be used to scan for existing rootkits and minimize the risks of becoming part of a botnet.
A botnet (“network of robots”) refers to multiple computers infected with remotely controlled software that allows a single hacker to run automated programs on the botnet behind users’ backs. The remote-controlled software or rootkit is surreptitiously installed on every computer, hiding its presence and tracks, making it difficult to detect. Meanwhile, the hacker can use the botnet for many purposes, including distributing spam, spreading Trojan horses, perpetrating phishing scams, or gathering information for identity theft or fraud.
When a computer falls prey to a rootkit, it is referred to as a “zombie computer.” A hacker can install rootkits on many computers, essentially building a network of compromised “zombie computers” to run bots or secret services for the hacker. In the underground niche of botnet operators, there is a lot of competition to have the biggest or most powerful botnet. Not only are individual computers at risk, but so are the networks of major private companies, the government, and even the military.
Botnets are a major source of crime on the Internet. Some operators “lease” their botnets by the hour to spammers. Internet service providers (ISPs) don’t allow spamming, but when thousands or hundreds of thousands of machines send out five or ten pieces of spam, the spammer escapes notice. Also, spam sent via a botnet traces back to the compromised computers, not the spammer.
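The following added example (not part of the original article) shows on a constructed mail log why a per-sender volume limit misses botnet spam, and how grouping near-identical messages across senders exposes the campaign. The host names, message texts, log format and thresholds are all assumptions made for illustration.

```python
import hashlib
import re
from collections import defaultdict

def fingerprint(body):
    """Hash of the body with case, whitespace and digit runs normalised."""
    text = re.sub(r"\d+", "#", body.lower())
    text = " ".join(text.split())
    return hashlib.sha256(text.encode()).hexdigest()[:16]

def per_sender_alerts(records, limit):
    """Senders whose own message count exceeds the limit (the per-host view)."""
    counts = defaultdict(int)
    for sender, _body in records:
        counts[sender] += 1
    return sorted(s for s, n in counts.items() if n > limit)

def campaign_alerts(records, min_senders):
    """Near-identical bodies seen from at least min_senders distinct hosts.

    Returns {fingerprint: (distinct_senders, total_messages)}.
    """
    senders = defaultdict(set)
    totals = defaultdict(int)
    for sender, body in records:
        fp = fingerprint(body)
        senders[fp].add(sender)
        totals[fp] += 1
    return {fp: (len(s), totals[fp])
            for fp, s in senders.items() if len(s) >= min_senders}

def sample_records():
    """Constructed log: 300 hosts send 5 copies each of one spam template
    (only a reference number varies); one normal host sends 40 distinct mails."""
    records = []
    for host in range(300):
        for i in range(5):
            ref = host * 5 + i
            records.append((f"zombie-{host:03d}.example",
                            f"Verify your account now, ref {ref}"))
    for i in range(40):
        team = chr(97 + i % 26) + chr(97 + i // 26)
        records.append(("mail.example", f"Weekly report for team {team}"))
    return records

if __name__ == "__main__":
    recs = sample_records()
    print("per-sender alerts (limit 50):", per_sender_alerts(recs, 50))
    print("campaign alerts (>=100 senders):", campaign_alerts(recs, 100))
```

Lowering the per-sender limit does not help: at a limit of 30 the only host flagged is the legitimate one, while every compromised machine stays at five messages.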
Botnets are also used to perpetrate phishing scams by sending emails that appear to come from legitimate companies such as financial institutions, eBay or PayPal. The email typically asks for sensitive personal information, which victims often provide. This information goes directly to the botnet operator for personal gain.
An operator can also use a botnet to launch a Distributed Denial of Service (DDoS) attack against a website. A command is sent to the botnet computers instructing them to request a specific web page at the same time. This can cause the website server to crash due to an overload of traffic requests. Getting the server and website back online can take time and disrupt business. DDoS attacks are often performed against large, well-known companies and have reportedly cost millions of dollars.
Click-fraud is yet another scam perpetrated by some botnet operators. Advertisers typically pay a small commission for each click on an advertised link that appears on a web page. A botnet operator with an advertising contract on a personal domain can send a command to computers on the compromised network to automatically click an advertising link whenever a browser is opened. Considering that a botnet can be very large, click fraud is a significant problem for advertisers.
In October 2005, Dutch police discovered a major botnet consisting of 1.5 million compromised computers. The zombie network was allegedly run by three twenty-year-olds. Botnets are on the rise, and the United States is thought to be the hardest-hit country: by some estimates it is home to around 26% of all botnets. As many as 25% of all US computers may be part of a botnet, though it’s hard to know if those statistics are accurate.
What is certain is that botnets are widespread and growing, even attracting teenagers known as “script kiddies” who compete in building botnets. As a result, savvy computer users and administrators are taking steps to protect themselves from rootkits that cede access to hackers and script kiddies. Anti-rootkit software can be used to scan for existing rootkits, and other precautions can also be taken to minimize the risks of becoming part of a botnet.