So I’m kind of interested in network security, and therefore exploits and botnets are things I often read about. Many people are not at all aware of what is going on on the internet with exploits; they happily just buy an anti-virus package and think they’re safe. I’m convinced that that’s not the solution at all, but that’s another topic altogether. I figured I would talk about some of the botnets going around recently (some of them, though, have been around for many years).
So what even is a botnet, you may be wondering. A botnet is a group of computers (home and office machines as well as high-performance servers) that have been exploited and are now listening to a central server, called Command & Control (C&C). From the C&C the owner can issue commands to take down sites or machines; if you’ve heard of a site going down, it was probably because of a botnet. You’ve probably also heard of some kind of internet worm or virus going around and spreading; they’ve made the news here in The Netherlands at least. Those are just some examples of exploits going around, often to recruit for botnets, so that the machines can be used to send spam, take down a site, steal your information such as passwords, or simply spread to more machines. It’s typical to see, for example, that the number of attacks my company’s servers receive is much higher on working days than during the weekend.
Recently the IMDDOS botnet was in the news all over the tech sites and even on some more general news pages. This was because this botnet very openly sells its services commercially to take down sites, at prices ranging from free to $1500/year, which is actually really cheap for botnet software: most such software costs many thousands of dollars to purchase. IMDDOS is a very rapidly expanding botnet, mostly in China and other Asian countries, but there have been a number of infections all over the world. Its growth rate has been reported to be 10.000 machines per day for this botnet alone.
So other than its commercial approach, IMDDOS is actually a very classic botnet. There are some cool concepts going around in the world of botnets, though: since the launch of Twitter, several have switched from the traditional IRC channels (chat software) to using Twitter to regulate themselves. I think it’s quite an interesting and clever way of controlling a botnet, and the techniques used in some of them aren’t actually that hard to understand. One thing a control method such as Twitter offers, though, is that it allows the person behind it to essentially walk up to a company and extort money from them, or take down their business with the push of a button. If you’re thinking “Why don’t the administrators just block the traffic?”, sadly it’s nigh-on impossible to really block it without an expensive device costing several tens of thousands of dollars, and that’s not something most companies can afford to spend on the off-chance that it happens to them.
The problem with these botnets is often that they’re nearly impossible to destroy, as they have many command servers spread all over the world. There have been many instances of people talking to internet and hosting providers and lawyers for several years to arrange a single day on which to take all the servers offline, rendering the botnet useless, only to miss one or two servers and see the botnet back to full operating strength within 24 hours. It’s not some kid sitting in his mom’s basement; it’s actually very organized, and there is a lot of money going around in the underworld.
Another interesting thing about these bots is that they’re highly competitive, even going so far as to wage wars on each other and actually attack each other. A good example of this, and probably the best known too, is that if your PC has been infected with the rampant Zeus trojan and then gets infected by SpyEye, another big name, SpyEye might even remove or convert the Zeus infection to weaken its competition.
So perhaps a good word of advice would be to not simply trust your antivirus, and to pay attention to what you’re doing and what is being installed on your machine, as anti-virus software often has a miserable detection rate against the stuff you really don’t want on your system. There are other, more effective measures you can take instead.