Zombies (Bot and Botnets)

-
Bot :
A ‘bot’ is a type of malicious code that allows an attacker to take complete control over the affected computer – turning the computer into a “robot” that the criminal can remotely control. Once infected, these machines may also be referred to as ‘zombies’.

While taking over one computer is useful, the real value comes from collecting huge numbers of computers and networking these so they can all be controlled at once (a botnet). There are between 100-150 million computers worldwide (out of 600 million PCs on the Internet) infected with bots and under the control of hackers.

 Botnet :
A botnet is a group of computers connected in a coordinated fashion for malicious purposes. Each computer in a botnet is called a bot. These bots form a network of compromised computers, which is controlled by a third party and used to transmit malware or spam, or to launch attacks.
A botnet may also be known as a zombie army.

Originally, botnets were created as a tool with valid purposes in Internet relay chat (IRC) channels. Eventually, hackers exploited the vulnerabilities in IRC networks and developed bots to perform malicious activities such as password theft, keystroke logging, etc.

 An attacker will often target computers not safeguarded with firewalls and or anti-virus software. A botnet manipulator can get control of a computer in a variety of ways, but most frequently does so via viruses or worms. Botnets are significant because they have become tools that both hackers and organized crime use to perform illegal activities online. For example, hackers use botnets to launch coordinated denial-of-service attacks, while organized crime uses botnets as ways to spam, or send a phishing attack that is then used for identify theft.
Even more concerning is the industry that has sprung up around botnets in which bot herders build botnets specifically to "rent" to the highest bidder. Whether they send spam, adware spyware, viruses/worms, etc., botnets can be used to perpetrate just about any type of digital attack.

Example: Zeus Botnets


Zeus is a Trojan horse for Windows that was created to steal bank information using botnets. First discovered in 2007, Zeus spread through email, downloads, and online messaging to users across the globe. Zeus botnets used millions of zombie computers to execute keystroke logging and form grabbing attacks that targeted bank data, account logins, and private user data. The information gathered by Zeus botnets has been used in thousands of cases of online identity theft, credit card theft, and more.
Botnet Detection and Prevention
Botnet detection can be difficult, as bots are designed to operate without users’ knowledge. However, there are some common signs that a computer may be infected with a botnet virus . While these symptoms are often indicative of bot infections, some can also be symptoms of malware infections or network issues and should not be taken as a sure sign that a computer is infected with a bot.
  • Problems with Internet access.
  • IRC traffic (botnets and bot masters use IRC for communications).
  • Connection attempts with known C&C servers.
  • High outgoing SMTP traffic (as a result of sending spam).
  • Multiple machines on a network making identical DNS requests.
  • Slow computing/high CPU usage.
  • Unexpected popups (as a result of clickfraud activity).
  • Outbound messages (email, social media, instant messages, etc) that weren’t sent by the user.
  • Spikes in traffic, especially Port 6667 (used for IRC), Port 25 (used in email spamming), and Port 1080 (used by proxy servers).
There are several measures that users can take to prevent botnet virus infection.Since bot infections usually spread via malware, many of these measures actually focus on preventing malware infections. Recommended practices for botnet prevention include:
  • Network baselining: Network performance and activity should be monitored so that irregular network behavior is apparent.
  • Vigilance:Users should be trained to refrain from activity that puts them at risk of bot infections or other malware. This includes opening emails or messages, downloading attachments, or clicking links from untrusted or unfamiliar sources.

  • Anti-Botnet tools: Anti-botnet tools provide botnet detection to augment preventative efforts by finding and blocking bot viruses before infection occurs. Most programs also offer features such as scanning for bot infections and botnet removal as well. Firewalls and antivirus software typically include basic tools for botnet detection, prevention, and removal. Tools like Network Intrusion Detection Systems (NIDS), rootkit detection packages, network sniffers, and specialized anti-bot programs can be used to provide more sophisticated botnet detection/prevention/removal.

  • Software patches: All software should be kept up-to-date with security patches.

Comments

Post a Comment

Popular posts from this blog

What Is Global Positioning System - Introduction To GPS - How It Works

-
Image
The Global Positioning System (GPS) is a satellite-based navigation system made up of at least 24 satellites. GPS works in any weather conditions, anywhere in the world, 24 hours a day, with no subscription fees or setup charges. The U.S. Department of Defense (USDOD) originally put the satellites into orbit for military use, but they were made available for civilian use in the 1980s. GPS or Global Positioning System is a network of orbiting satellites that send precise details of their position in space back to earth. The signals are obtained by GPS receivers, such as navigation devices and are used to calculate the exact position, speed and time at the vehicles location. GPS is well-known for its military uses and was first developed by the US to aid in its global intelligence efforts at the height of the Cold War. Ever since the early 1980s, however, the GPS has been freely available to anyone with a GPS receiver. Airlines, shipping companies, trucking firms, and drivers
Read more

List of Hijacking of Indian Aeroplanes - 1971, 1981, 1982, 1984, 1993, 1999

-
Image
1971 January 30 : An Indian Airlines plane on its way from Srinagar to Jammu was hijacked by Hashim Quereshi and Ashraf Quereshi of the JKLF, who took it to Lahore. Zulfikar Ali Bhutto, then Foreign Minister of Pakistan rushed to Lahore and met the hijackers and helped them get maximum international publicity. On February 1, he persuaded them to release the crew and passengers who were then sent by road to Amritsar. The Government of India sought permission of Pakistan to send a replacement crew to fly the aircraft back to India. Pakistan authorities denied the permission. Instead it is alleged they supplied petrol to the hijackers with which they burnt the aircraft on February 2. From Lahore Airport the hijackers were taken into a procession as heroes. 1981 September 29 : An Indian airlines plane on flight from Srinagar to Delhi is hijacked by Sikh Terrorists and taken to Lahore. Pakistan took commando action and got all passengers released. 1982 August 22 : A lone mili
Read more