You have probably heard about botnets more than once. But do you know what a botnet actually is, what it is for, and how to avoid becoming its victim? If not, be sure to read this article. In essence, a botnet is a kind of zombie network. It is made up of ordinary users who download all sorts of junk onto their computers. More precisely, it is infected software that performs certain tasks without the owner’s knowledge. Say you download a file you need, such as a piece of coursework. The file really is there, but along with it malware lands on your computer, which, of course, you do not suspect.
A botnet is a network of computers infected with malware that exhibits Backdoor behavior. Backdoors allow cybercriminals to remotely manage infected machines (each individually, a portion of the networked computers, or the entire network) without the user’s knowledge. Such programs are called bots.
Bots have powerful computing resources, are a formidable cyber weapon and a good way for cybercriminals to make money. At the same time, the botnet owner can control the infected machines that are part of the network from anywhere: from another city, another country or even another continent, and the way the Internet is organized makes it possible to do this anonymously.
A hacker can install such bots on the computers of millions of people around the world in a short period of time, naturally without their consent. The capabilities of these programs are very broad: ordinary collection of personal information, carrying out illegal activities, mining farms, stealing passwords. The owner of a company may not suspect anything until the Internet is cut off or money disappears from the accounts.
Who benefits from botnets?
In short, all the computers that are in one network and controlled by one person are a serious weapon. The person who controls all this can make serious money. He can manage the whole process from anywhere in the world. The main thing is to have Internet access and a computer, or rather any device from which you can get online. Today, botnets perform more serious tasks. For example, a person who sends spam from “infected” computers can earn up to 100-200 thousand euros per year. At the same time, it is not the hacker but the owner of the company who will take the blame, because the spam was sent from his device. For example, an account on Mail.ru or on the social network VKontakte may be banned for sending spam, while the user is unaware of what happened and is genuinely indignant.
Today, botnets are very actively used for blackmail. All the computers in the network can be used for a DoS attack on a specific site. Because of this attack, the site goes down and stops functioning. This can go on indefinitely, until the victim pays a certain amount or hands over some information.
The owner of the Smartresponder mailing list site, Maxim Heeger, was forced to pay a large sum to a hacker from London who organized a DDoS attack on his site using the latest technology. While negotiations were going on between them, the Smartresponder site was unavailable for several days. Today, even well-protected government, banking and other serious sites are often attacked.
Attackers often use the capabilities of botnets to access the Internet anonymously under someone else’s IP address in order to steal passwords and break into websites. At the same time, such powerful networks can be leased out for specific tasks.
Botnets are also often used for mining cryptocurrencies. Mining requires a large number of computers to solve the tasks. And who better to help with this than zombie users?
Is my computer infected with a bot?
Answering this question is not easy. The fact is that it is almost impossible to track a bot’s interference in the daily work of the PC, because it does not affect the performance of the system. There are, however, a few signs that indicate that the system has a bot:
– unknown programs try to connect to the Internet, which is periodically reported by the firewall or antivirus software;
– the Internet traffic becomes very high, although you use the Network very moderately;
– new processes appear in the list of running system processes, masquerading as normal Windows processes (for example, a bot can have the name scvhost.exe – this name is very similar to the name of the Windows system process svchost.exe; it is difficult to notice the difference).
Botnet infection routes
🔻 Directly breaking into a company or local network by guessing passwords to gain access on behalf of the administrator. Most often, such attacks are carried out specifically on the private networks of large companies for espionage. They require a lot of resources from the hackers, so they are practically never used against ordinary users.
🔻 It is also easy to infect a computer if there is a hole or vulnerability in the software code. The scale can be astounding. For example, a hacker finds a hole somewhere in Windows 10, and everyone who uses it is automatically under threat. Usually, when such vulnerabilities are detected, software developers react quite quickly and fix them with updates. So, always update your computer!
🔻 Infection through authorized access. This infection variant can be either targeted or accidental. Imagine that you handed your computer in for repair. To save money, you chose the cheapest price and did not even check whether the company was legitimate. And you asked the technician to install cracked software for you, such as Photoshop or Word. And he accidentally installed infected software together with these programs. However, he does not even know about it, and neither do you. And if it is some novice basement hacker, he may deliberately load your machine with infected software, and hello, botnet. So, I recommend that you use only trusted technicians.
🔻 Infection by connecting infected flash drives. It is simple: you plug in a flash drive, autorun for removable storage devices is not disabled on the computer, and so the virus can easily get onto your computer. The best way to combat this route of infection is to disable autorun for CDs and USB flash drives.
🔻 Infection by misleading the user. Perhaps the most common way to infect computers around the world. Social engineering, advertising, spamming, in a word everything that can make a hapless user install the virus on his computer. Usually viruses come bundled with some useful program.
Uses of botnets
Bots can be used by cybercriminals to solve criminal tasks of various scales: from spamming to attacks on state networks.
Spamming. This is the most common and one of the easiest options to use botnets. According to expert estimates, currently over 80% of spam is sent from zombie machines. Spam from botnets is not necessarily sent by network owners. Spammers can rent a botnet for a fee.
It is spammers who can appreciate the botnet’s efficiency: according to our data, an average spammer earns 50-100 thousand dollars a year. Thousands of botnets allow spammers to send millions of mailings from infected machines within a short time. In addition to providing speed and scale, botnets also solve another spammer problem. The addresses from which spam is actively sent are often blacklisted by mail servers, and mail coming from them is blocked or automatically marked as spam. Sending spam from hundreds of thousands of zombie machines makes it possible to avoid reusing the same addresses.
The only “bonus” of botnets is the ability to collect email addresses on infected machines. Stolen addresses are sold to spammers or used by the botnet owners themselves to send spam. At the same time, a growing botnet yields more and more new addresses.
Cyber-blackmail. Bots are also widely used for DDoS attacks (Distributed Denial of Service). In the course of such an attack, infected machines generate a stream of false requests to the attacked server on the Internet. As a result, the server becomes unavailable to users due to overload. As a rule, the attackers demand a ransom for stopping the attack.
Today, many companies work only through the Internet, and for them the unavailability of servers means a complete stop of business, which, of course, leads to financial losses. To restore stability to their servers as soon as possible, such companies are more likely to meet the blackmailers’ demands than to turn to the police for help. This is exactly what cybercriminals are counting on, so DDoS attacks are becoming more and more frequent.
DDoS attacks can also be used as a political tool. In these cases, they are usually aimed at the servers of government agencies or government organizations. The danger of such attacks is also that they can be provocative: cyberattacks on servers in one country can be carried out from servers in another country and managed from the territory of a third state.
Anonymous access to the Network. Attackers can access servers on the Web using zombie machines, and commit cybercrimes on behalf of infected machines, such as hacking into websites or transferring stolen money.
Sale and lease of botnets. One way of earning money illegally with botnets is to lease out a botnet or sell a ready-made network. Creating botnets for sale is a separate area of the cybercrime business.
Phishing. Phishing page addresses can get blacklisted quite quickly. A botnet allows phishers to quickly change the address of a phishing page by using infected computers as proxy servers. This makes it possible to hide the real address of the phisher’s web server.
Theft of confidential data. This kind of criminal activity will probably never stop attracting cybercriminals, and with the help of botnets the haul of various passwords (for access to e-mail, ICQ, FTP resources, web services) and other confidential user data increases thousands of times! The bot that infected the computers in a zombie network can download another malicious program, such as a Trojan that steals passwords. In this case, all the computers that are part of this zombie network will be infected by the Trojan, and attackers will be able to get passwords from all the infected machines. Stolen passwords are resold or used, in particular, to mass infect web pages (e.g. passwords for all found FTP accounts) for the purpose of further spreading the malicious bot program and extending the zombie network.
In general, the prospect of becoming a victim of a botnet is not encouraging. Therefore, here are several ways to protect yourself from penetration:
◾ use a firewall and do not ignore its warnings;
◾ do not open suspicious email attachments or social networking messages;
◾ look carefully at which buttons you click when downloading programs;
◾ do not give in to provocative advertising that promises a big win after downloading and installing something;
◾ use only up-to-date software;
◾ do not use autorun for flash drives and disks;
◾ always back up the most important data and store it outside your computer.
Every year, botnets evolve and become more difficult to detect. Even antivirus programs often let them through, so you should not rely on them. Be careful when downloading stuff and don’t forget to update your computer in time!
Examples of known botnets
Mirai and Reaper
According to a report published by Fortinet in August 2018, Mirai was one of the most active botnets. Two years after its creation, the Mirai botnet has new features, such as the ability to turn infected devices into malicious proxy systems and mining devices. Bots are often used for mining cryptocurrencies. During mining, hackers can use the victim’s computer hardware and electricity to mine bitcoins.
Mirai is just the beginning. In August 2017, engineers at Check Point found a new botnet known as IoTroop and Reaper. It hacks devices on the Internet of Things even faster than Mirai. Mirai infects vulnerable devices that use default passwords and user names. Reaper went further, compromising about a dozen devices from different vendors through vulnerabilities, including devices from well-known companies such as D-Link, Netgear, and Linksys. The Reaper botnet is also flexible, allowing hackers to easily update its code.
Reaper was used in attacks on European banks last year.
To date, botnets are one of the main sources of illegal earnings on the Internet and a formidable weapon in the hands of criminals. There is no need to expect cybercriminals to give up such an effective tool, and security experts are looking to the future with anxiety, waiting for further development of botnet technologies. The danger of botnets is exacerbated by the fact that their creation and use is becoming an increasingly simple task, with which even schoolchildren will be able to cope in the near future.