This article first explains what a botnet is and then presents some typical actions of a botnet. Next, it goes behind the scenes to show how a botnet works, who makes it and how it is controlled. Finally, once you understand what a botnet is, you will get a real-life solution for protecting against botnets.
Contents of this blog post:
1. What’s a botnet?
2. What does a botnet do?
3. The story behind a botnet – how it’s made and who does it
4. Who does a botnet?
5. How can one control a botnet?
6. Real life solution for protecting against botnets
7. Bibliography

1. What’s a botnet?
In one sentence, botnets are software applications that are executed autonomously on a computer.

Botnets can be controlled from a distance, and since they can run autonomously, their power is quite large. The power of a bot is usually used for criminal activity. In computer terms, a botnet is generally represented by programs such as worms and trojans. The criminal activities that worms and trojans can carry out are: sending SPAM messages (SPAM emails are unsolicited bulk messages), installing spyware, installing malware, click fraud, denial-of-service, and presenting advertisements on the victim’s computer.

The term “botnet” comes from a combination of “robot” and “network” (thus a “network of robots”).

You can compare a botnet with a terrorist group: they have a leader, they act with a purpose and their actions are autonomous. The leader can control the group from a distance, and in most cases the terrorist group has bad intentions. As in the real world, measures can be taken against both botnets and terrorists. You will find more on this at the end of the article.

2. What does a botnet do?
A botnet can be used to send SPAM messages via email to other computers. A computer infected by a botnet can also display a lot of advertisements to the owner of the computer itself (adware).

It can also be used for attacks on a computer, called denial-of-service (a lot of computers infected with bots access an Internet service, so that the target system becomes busy).

The owner of a computer infected with a bot can become a victim of spyware (these bots spy on the user’s activity and pass private information to the owner of the bots).

Malware may also be installed. Malware is designed to damage a computer.

Yet another method is click fraud: the owner of a computer infected by a bot visits some web sites, just for the purpose of advertising (so the user not only sees an advertisement, but sees whole web sites).

3. The story behind a botnet – how it’s made and who does it
How is a bot made? First a small recap: botnets are software applications that are executed autonomously on a computer. Thus, as you can imagine, the software application must be first programmed by someone. So, the very first step is for someone with bad intentions to write software that does bad things.

The second step is for that software to get onto a victim’s PC. Botnets and viruses are similar in this respect: you can get a botnet from a friendly-looking email, from a web site or via a software download. There are a lot of ways to get either a botnet or a virus.

After the victim gets infected with the bot, the bot contacts a web server (or an IRC server). This server is called a command-and-control (C&C) server. Now the server can control the application on the victim’s computer.

The bot creator has some deals with persons with bad intentions: spammers, some advertisers, criminal organizations. Since the bot creator is in control of the bot on the victim’s computers, it can command it to do evil actions.

Finally, the bot server autonomously executes the given command.

4. Who does a botnet?
A criminal organization can create a botnet by itself, but generally botnets are built by software programmers. They don’t mind making illegal software as long as they are paid heavily.

A famous example of a botnet is “The Storm botnet” or “Storm worm botnet”. This is a botnet that was linked by the Storm Worm, a Trojan horse spreading via email. The size of the Storm botnet is estimated at hundreds of thousands, perhaps millions, of computer systems.

The Storm botnet was used for different criminal activities. Some of the main targets of the botnet have been the online operations of security vendors and researchers (because they attempted to investigate the botnet).

5. How can one control a botnet?
A botnet is controlled via the Internet. A person holding a server (on a web page or IRC channel) commands a large number of botnets on the computers of victims via the Internet.

Often when a bot joins an IRC channel it will log in with a password. This prevents other people from taking control.
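From the defender's side, the password-protected IRC login described above leaves a recognizable trace in plaintext traffic. The following is an added example, not code from the original article: it groups IRC client commands per connection and flags sessions that register, join a channel and use a password. The record format, host addresses and function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: (source host, destination, destination port, client line).
# Addresses come from documentation ranges; nothing here is real traffic.
SAMPLE = [
    ("10.0.0.21", "203.0.113.7", 6667, "PASS s3cret"),
    ("10.0.0.21", "203.0.113.7", 6667, "NICK xk-48213"),
    ("10.0.0.21", "203.0.113.7", 6667, "USER xk xk xk :xk"),
    ("10.0.0.21", "203.0.113.7", 6667, "JOIN #updates chankey"),
    ("10.0.0.35", "198.51.100.9", 6667, "NICK alice"),
    ("10.0.0.35", "198.51.100.9", 6667, "USER alice 0 * :Alice"),
    ("10.0.0.35", "198.51.100.9", 6667, "JOIN #linux"),
    ("10.0.0.40", "192.0.2.80", 80, "GET /index.html HTTP/1.1"),
]

IRC_CMD = re.compile(r"^(PASS|NICK|USER|JOIN)\s+(.*)$", re.IGNORECASE)

def find_irc_sessions(records):
    """Group IRC client commands per (src, dst, port) and note password use."""
    sessions = defaultdict(lambda: {"commands": [], "server_pass": False,
                                    "channel_key": False, "channels": []})
    for src, dst, port, line in records:
        m = IRC_CMD.match(line.strip())
        if not m:
            continue  # not an IRC registration or join command
        cmd, args = m.group(1).upper(), m.group(2).split()
        s = sessions[(src, dst, port)]
        s["commands"].append(cmd)
        if cmd == "PASS":          # server password, sent before NICK/USER
            s["server_pass"] = True
        elif cmd == "JOIN" and args:
            s["channels"].extend(args[0].split(","))
            if len(args) > 1:      # JOIN <channels> <keys>
                s["channel_key"] = True
    return dict(sessions)

def suspicious(sessions):
    """Sessions that registered, joined a channel and used a password."""
    return sorted(
        key for key, s in sessions.items()
        if "NICK" in s["commands"] and "JOIN" in s["commands"]
        and (s["server_pass"] or s["channel_key"])
    )

if __name__ == "__main__":
    for src, dst, port in suspicious(find_irc_sessions(SAMPLE)):
        print(f"review {src} -> {dst}:{port} (password-protected IRC login)")
```

A hit is a lead for review, not proof of infection: people who use IRC legitimately also log in with passwords, and this check only sees unencrypted sessions.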

6. Real life solution for protecting against botnets
The first thing to do is to learn about botnets. You can then decide whether your personal data is important to you, and whether you want to let your computer be used for SPAM (to others and even to you), denial-of-service attacks and click fraud. You may decide that these are not important to you, but knowing more about the risks is the first thing to do.

If you decide that you should be more attentive to botnets, you should take more care over what you allow to run on your computer. You should have the latest version of the browser (and update it regularly) and, most of all, don’t visit just any web site. Crack and warez web sites are known for distributing malware, including botnets. When you are in chat rooms you should not accept any file (a file with multiple extensions, like file.avi.zip or file.mp3.scr, might be a botnet).

Even with care on your side, some software does get executed on your local machine. For extra security, you should use an Internet Security suite. This is a very good measure to protect your computer against botnets. Even better is to update your Internet Security suite from time to time, or let it update automatically.
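The multiple-extension warning above can be turned into an automatic check on received files. This is an added example, not part of the original article: it flags names where a media or document extension is followed by an executable or archive extension, as in file.avi.zip and file.mp3.scr. The extension lists and function names are assumptions to adapt to local policy.

```python
import os

# Assumed lists for illustration; extend them to match local policy.
DECOY_EXTS = {".avi", ".mp3", ".mp4", ".jpg", ".png", ".pdf", ".doc", ".txt"}
RISKY_EXTS = {".scr", ".exe", ".com", ".bat", ".cmd", ".pif", ".vbs", ".js",
              ".zip", ".rar"}

def check_filename(name):
    """Return a reason string if the name has a misleading double extension."""
    # Accept Windows or POSIX paths and keep only the file name.
    base = os.path.basename(name.replace("\\", "/"))
    # Windows ignores trailing dots and spaces, so normalise them away.
    base = base.rstrip(". ").lower()
    stem, last = os.path.splitext(base)
    # Padding between the two extensions must not hide the first one.
    _, prev = os.path.splitext(stem.rstrip(". "))
    if last in RISKY_EXTS and prev in DECOY_EXTS:
        return f"double extension: {prev} followed by {last}"
    return None

def flag_names(names):
    """Return (name, reason) pairs for every name that should be reviewed."""
    flagged = []
    for name in names:
        reason = check_filename(name)
        if reason:
            flagged.append((name, reason))
    return flagged

# Constructed sample of received file names.
SAMPLE_NAMES = ["file.avi.zip", "file.mp3.scr", "holiday.jpg",
                "backup.zip", "Song.MP3   .SCR "]

if __name__ == "__main__":
    for name, reason in flag_names(SAMPLE_NAMES):
        print(f"{name!r}: {reason}")
```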

7. Bibliography
I’ve read and used resources from:
1. Botnet article on Wikipedia;
2. Honeynet article on bots;
3. Definition of botnet on SearchSecurity.com;
4. Article on Microsoft.com on zombies and botnets;
5. FAQ on botnets by techFAQ;
6. Robot Wars – How Botnets Work article;
7. Botnets, Hackers and SPAM (OH MY!) article on OnGuard Online.

