The Storm Botnet: What’s This About?

Posted by: Rea Maor In: Security and Prevention - Thursday, September 20th, 2007

It’s freaky how the “Storm Botnet” has been reported by the media. It’s as if this was a natural phenomenon like an ice age or El Niño. The average home user has no idea of the details and isn’t told what any of it means, only that they should be afraid. So, let’s see if I can break it down in layman’s terms:

What is a botnet? – A bunch of computers taken over by someone who doesn’t own them. Computers have to be infected by a virus. This virus installs a program which puts the computer under remote control. The party doing the controlling can then issue commands to the infected computers. So they are like an army of zombies! There, don’t you feel better now?

What do they do with these? – Oh, a zombie computer at your disposal can be quite a friend! Just a few handy uses your electronic slave can be put to:

  • Spam – Obviously. One spammer can be disabled by blocking their IP address. But a spammer with 5,000 machines doing his bidding can never be fully blocked.
  • Packet Sniffing – As in, snooping on web traffic. With a botnet, you can track all kinds of private data all over the world. E-mail addresses, credit card numbers, PayPal accounts, passwords, user names, Digg accounts…
  • Identity Theft – See, there’s this program called a “keylogger” which can record every key you type into a file and send it to the thief.
  • File Storage – Imagine that you could offer pirated movies, virus builders, spambots, porn, and other illegal goodies from a remote computer. Use it for your website!
  • DDoS – Distributed Denial of Service attacks aren’t hard to understand. When a site gets too much traffic too quickly, we say that it has been Dugg or Slashdotted. Now imagine one million computers all hitting a website at once every minute. This way, you can shut down any website you don’t like: Bzzzt!

How does this work? – Well, after the computer has been infected with the bot program, it usually connects to the Internet through a port on your system. This happens in the background; it is designed to be unobtrusive. Usually, the favored method is for it to connect to an IRC chat room. These are secret, private chat sessions established where many bot computers can receive their orders from the master.
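The background IRC connection described above is also what gives a bot away on the network. The following is an added example, not code from the original post: it runs over a small constructed connection log and flags the two tell-tale signs of an IRC-controlled bot, a machine that reconnects to an IRC server on a fixed schedule to check for orders, and one external server that several internal machines all talk to. The log format, port list and thresholds are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample log (not from the original post): "<epoch> <src> <dst> <dst_port>"
SAMPLE_LOG = """\
1190280000 10.0.0.5 203.0.113.7 6667
1190280060 10.0.0.5 203.0.113.7 6667
1190280121 10.0.0.5 203.0.113.7 6667
1190280005 10.0.0.9 203.0.113.7 6667
1190280064 10.0.0.9 203.0.113.7 6667
1190280125 10.0.0.9 203.0.113.7 6667
1190280010 10.0.0.12 198.51.100.20 443
"""
IRC_PORTS = {6667, 6668, 6669, 6697}  # common IRC server ports (plain and TLS)
LINE_RE = re.compile(r"^(\d+) (\S+) (\S+) (\d+)$")

def irc_flows(text):
    """Parse log lines and group timestamps of IRC-port connections by (src, dst)."""
    flows = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and int(m.group(4)) in IRC_PORTS:
            flows[(m.group(2), m.group(3))].append(int(m.group(1)))
    return dict(flows)

def beaconing(flows, min_hits=3, max_jitter=5):
    """Flag (src, dst) pairs that reconnect at a near-constant interval: a bot
    polling its channel for orders keeps a schedule, a person chatting does not."""
    found = {}
    for pair, stamps in flows.items():
        if len(stamps) < min_hits:
            continue
        stamps = sorted(stamps)
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        if max(gaps) - min(gaps) <= max_jitter:
            found[pair] = sum(gaps) / len(gaps)  # mean interval in seconds
    return found

def shared_controllers(flows, min_hosts=2):
    """External hosts that several internal machines contact on IRC ports:
    many bots taking orders from one master look exactly like this."""
    hosts = defaultdict(set)
    for src, dst in flows:
        hosts[dst].add(src)
    return {dst: sorted(s) for dst, s in hosts.items() if len(s) >= min_hosts}

if __name__ == "__main__":
    flows = irc_flows(SAMPLE_LOG)
    print("beacons:", beaconing(flows))
    print("shared controllers:", shared_controllers(flows))
```

Run against real firewall or proxy logs, the same two checks point at the machines worth pulling off the network for cleanup.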

Who is the evil genius behind this sinister plan? – No one! That is, it doesn’t take a genius to run these things, just somebody with a lot of time on their hands who downloads the software. Check out these classic hits:

  • GT-Bot – Stands for “Global Threat”. Runs a hidden mIRC session.
  • Agobot – A popular bot in C++ and released as GPL code! Very sophisticated, because it’s built to be modular and hence easily modified.
  • Backdoor DSNX – Another IRC-controlled bot.
  • W32/Sdbot – Coded in C, and released to the world under a GPL license as well, this one is less modular and only has limited features, but is still pretty mean.

2 Responses to “The Storm Botnet: What’s This About?”

  2. Arnold Says:

    I was planning to do something similar but using remote desktop in process mode. But I found out that it is way too much trouble to make work. Are the programs above easier to set up?
    Do you know of any Python scripts that would do the same?

    Thanks!
