What are Botnets?
A man reads a headline about a major international heist, completely oblivious to the role he played in the crime. This may sound like the plot to the latest Hollywood spy thriller, but it happens every day in the world of cybercrime.
Welcome to the botnet.
Even now, your computer could be aiding a distributed denial-of-service (DDoS) attack against a major website, all thanks to a tiny malicious software program called a bot that you may have picked up from a spam e-mail or an infected website. What's more, you wouldn't have even realize it.
Bots are designed to work like agents that report to a central computer or computers controlled by a botmaster. When millions of machines are infected with the same type of bot, they make up a massive collective known as a botnet.
"It basically allows a single person or a group to leverage the power of lots of computers and lots of bandwidth that they wouldn't be able to afford on their own," says Joe Stewart, director of Malware Research for Dell SecureWorks CTU security research team.
Unfortunately for the owners of infected computers, botmasters are interested in far more than DDoS attacks.
"Once the host is compromised, it becomes part of a botnet and it connects to some kind of command and control infrastructure," says Giovanni Vigna, University of California, Santa Barbara professor and LastLine, Inc. co-founder. "The bots report back and say, 'Hey, what should I do?'"
Botmasters have numerous underhanded answers to this question, turning host computers into cybercrime weapons, spam-distrusters, spies or even cash machines.
"There are bots out there designed not to attack third parties, but to steal information off your computer," says Stewart. "Or they take money out of your bank account. So there’s definitely a risk to the individual."
In other words, this isn't simply a matter of vandalism or hacktivism — it's about stealing your bandwidth, your money and your identity.
Fighting Back Against Botnets
How can we fight back against millions of zombie computers yoked to the self-serving whims of nefarious botmasters? Individually, a lot of it comes down to maintenance and common sense.
"On a very broad level, there are two things you can do to protect your computer," says Vigna. "Keep your software updated, and do not install software that tells you it’s an antivirus program, because most of the time, it’s actually malware."
These tips outline the two main ways botmasters take command of host systems. In the case of malware disguised as antivirus software, the hacker's tactic is one of trickery and social engineering. But many bots gain access to a host system through the exploitation of programming weaknesses. Therefore, just as a besieged city needs to maintain its walls against an enemy, so too should a user keep his or her software updated.
"You can never prevent malware 100 percent," says Stewart. "You can install antivirus or security filter software but the bad guys have access to the exact same tools. They know what is being protected, what isn't, and they'll find a workaround for it. So, it really comes down to, you know, making yourself less of a target."
HOWSTUFFWORKS: How Zombie Computers Work
Smart Internet users can reduce their risk of attack by gravitating to lesser-used Web browsers and altering online behavior to reduce risk, says Stewart.
"One of the ways these guys will get new income is by implanting exploits into a third party site that they hack into," says Stewart. "So the more you're surfing on the net, the more you actually increase your exposure. So what we try to do is have people be a little safer on how they're doing that, such as using a web browser that allows you to disable advanced scripting."
On a wider scale, Internet security groups have collaborated with government agencies to research and identify as many botnets as possible. These efforts have even led to high-profile arrests such as the July 2010 capture of a Slovenian hacker responsible for an estimated 12.7 million-computer botnet.
Still, don't let the headlines fool you: Botnets will continue to be a problem for decades to come.
"Botnets will be with us until the way computing works is fundamentally changed at the lowest level," Stewart says. "Right now, we’re dealing with a legacy architecture that was invented back in the '70s. None of this was envisioned, so nobody designed any security into the lowest layers."
Photo: Getty Images/Chip Simons