It’s freaky how the “Storm Botnet” has been reported by the media. It’s as if this was a natural phenomenon like an ice age or El Niño. The average home user has no idea of the details and isn’t told what any of it means, only that they should be afraid. So, let’s see if I can break it down in layman’s terms:
What is a botnet? – A bunch of computers taken over by someone who doesn’t own them. Computers have to be infected by a virus. This virus installs a program which puts the computer under remote control. The party doing the controlling can then issue commands to the infected computers. So they are like an army of zombies! There, don’t you feel better now?
What do they do with these? – Oh, a zombie computer at your disposal can be quite a friend! Just a few of the handy uses your electronic slave can be put to:
- Spam – Obviously. One spammer can be disabled by blocking their IP address. But a spammer with 5,000 machines doing his bidding can never be fully blocked.
- Packet Sniffing – As in, snooping on web traffic. With a botnet, you can track all kinds of private data all over the world. E-mail addresses, credit card numbers, PayPal accounts, passwords, user names, Digg accounts…
- Identity Theft – See, there’s this program called a “keylogger” which can record every key you type into a file and send it to the thief.
- File Storage – Imagine that you could offer pirated movies, virus builders, spambots, porn, and other illegal goodies from a remote computer. Use it for your website!
- DDoS – Distributed Denial of Service attacks aren’t hard to understand. When a site gets too much traffic too quickly, we say that it has been Dugg or Slashdotted. Now imagine one million computers all hitting a website at once, every minute. This way, you can shut down any website you don’t like: Bzzzt!
How does this work? – Well, after the computer has been infected with the bot program, it usually connects out to the Internet through a port on your system. This happens in the background; it is designed to be unobtrusive. Usually, the favored method is for it to connect to an IRC chat room. These are secret, private chat sessions where many bot computers sit at once and receive their orders from the master.
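That IRC rendezvous is also what gives the defender something to look for: one person chatting on IRC is normal, but a handful of machines on the same network all connecting to the same IRC server (or speaking IRC on an odd port) within seconds of each other is the signature of a bot army reporting for duty. The following is an added example, not code from the original post; it assumes a constructed key=value firewall/IDS log format with an optional first-payload field, and the sample lines are made up.

```python
import re
from collections import defaultdict

# Constructed sample log lines (not from the original post). The key=value
# layout with an optional first-payload field is an assumed export format.
SAMPLE_LOGS = [
    'ts=2007-10-01T12:00:01 src=10.0.0.5 dst=203.0.113.9 dport=6667 proto=tcp payload="NICK [DEU]38291"',
    'ts=2007-10-01T12:00:03 src=10.0.0.7 dst=203.0.113.9 dport=6667 proto=tcp payload="NICK [USA]00817"',
    'ts=2007-10-01T12:00:04 src=10.0.0.9 dst=203.0.113.9 dport=6667 proto=tcp payload="NICK [GBR]55120"',
    'ts=2007-10-01T12:00:09 src=10.0.0.11 dst=198.51.100.4 dport=8080 proto=tcp payload="JOIN #cmd"',
    'ts=2007-10-01T12:00:10 src=10.0.0.12 dst=198.51.100.4 dport=8080 proto=tcp payload="JOIN #cmd"',
    'ts=2007-10-01T12:00:11 src=10.0.0.13 dst=198.51.100.4 dport=8080 proto=tcp payload="JOIN #cmd"',
    'ts=2007-10-01T12:00:12 src=10.0.0.5 dst=192.0.2.10 dport=80 proto=tcp payload="GET / HTTP/1.1"',
    'ts=2007-10-01T12:00:13 src=10.0.0.20 dst=203.0.113.50 dport=6667 proto=tcp payload="NICK alice"',
]

IRC_PORTS = set(range(6660, 6670)) | {7000}          # well-known IRC ports
IRC_COMMAND = re.compile(r'^(NICK|USER|JOIN|PRIVMSG|PASS)\b')  # IRC client verbs
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_line(line):
    """Turn one key=value log line into a dict; quoted values are unquoted."""
    return {k: v.strip('"') for k, v in FIELD.findall(line)}

def looks_like_irc(rec):
    """IRC either by well-known port or by an IRC command in the first payload,
    so a bot hiding IRC on port 8080 is still caught."""
    port = int(rec.get("dport", 0))
    return port in IRC_PORTS or bool(IRC_COMMAND.match(rec.get("payload", "")))

def find_rendezvous(lines, min_hosts=3):
    """Return {(dst, dport): sorted sources} for IRC servers that at least
    min_hosts distinct internal hosts converge on: a likely bot rally point."""
    seen = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if looks_like_irc(rec):
            seen[(rec["dst"], int(rec["dport"]))].add(rec["src"])
    return {k: sorted(v) for k, v in seen.items() if len(v) >= min_hosts}

if __name__ == "__main__":
    for (dst, port), hosts in find_rendezvous(SAMPLE_LOGS).items():
        print(f"possible IRC C2 {dst}:{port} contacted by {len(hosts)} hosts: {hosts}")
```

On the sample lines the single user on 203.0.113.50 and the plain web request are ignored, while both the standard-port server and the one hiding IRC on port 8080 are flagged.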
Who is the evil genius behind this sinister plan? – No one! That is, it doesn’t take a genius to run these things, just somebody with a lot of time on their hands who downloads the software. Check out these classic hits:
- GT-Bot – Stands for “Global Threat”. Runs a hidden mIRC session.
- Agobot – A popular bot written in C++ and released under the GPL! Very sophisticated, because it’s built to be modular and hence easily modified.
- Backdoor DSNX – Another IRC-controlled bot.
- W32/Sdbot – Coded in C, and released to the world under a GPL license as well, this one is less modular and only has limited features, but is still pretty mean.