What Is a Botnet and How Can You Protect Your Computer?

Breaking into user accounts, spreading fraudulent websites, sending bulky or dangerous spam emails, tricking people into sharing their personal information, infecting millions of computers with malware, denying access to whole parts of the Internet... these are some of the dangerous things a hacker can do.




And all of these attacks, along with others, would be nearly impossible without one of the most dangerous and common tools in the hacker's toolkit: the botnet.


What is a botnet?

A botnet is a network of infected computers that, under the control of a single master computer, work together to achieve a goal. It may sound simple, almost harmless, but as the paragraph above attests, it is the driving force behind some of the worst attacks hackers can attempt.


A botnet has two components. First, it needs a large network of infected devices, called "zombies," to do the heavy lifting and support whatever efforts the hacker has planned. Second, it needs someone to control them; this is often a control center, also called a "bot herder" (and not a "necromancer," for some reason unknown to us). Once these elements are in place, the botnet is ready to wreak havoc.


How do botnets work?

The basic premise of how botnets work is a bit too complex for even an article of this scope, but luckily it's not that important. Understanding the outline of this particular threat should be enough to get a sense of its magnitude and the risk it poses to all internet users.


There's a reason you can make a career out of making computers interact: Knowing how to effectively set up a network is just as important as making it work. To this end, botnets are configured in two main ways: the Client-Server model and the Peer-to-peer model.


1) The Client-Server model

The Client-Server model is the old-fashioned way, where "zombies" receive their instructions from a single location, usually a website or a shared server. Even though it was sufficient at one time, its use also meant that incapacitating a botnet was very simple: all you had to do was take down the website or server and the whole system would collapse.


2) The peer-to-peer model

The Peer-to-Peer model corrects the weakness of the Client-Server model. In this system, each infected computer communicates directly with a few others on the network, and those few others are connected to others, which are connected to still others, until the whole system is chained together. This way, removing one or two devices is not a problem because others can take over.
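The difference between the two models can be made concrete by treating each as a graph and measuring how much of it stays connected after nodes go offline. This is an added illustration, not part of the original article; the node counts and the ring-style peer layout are constructed assumptions.

```python
from collections import deque

def client_server(n):
    """Star layout: node 0 is the single server, nodes 1..n only talk to it."""
    g = {i: set() for i in range(n + 1)}
    for i in range(1, n + 1):
        g[0].add(i)
        g[i].add(0)
    return g

def peer_to_peer(n, offsets=(1, 2)):
    """Constructed overlay: node i links to the peers at i+1 and i+2 (mod n),
    so every node ends up with 'a few' direct neighbours."""
    g = {i: set() for i in range(n)}
    for i in range(n):
        for off in offsets:
            j = (i + off) % n
            g[i].add(j)
            g[j].add(i)
    return g

def largest_component_fraction(g, removed):
    """Fraction of surviving nodes that can still reach one another."""
    alive = set(g) - set(removed)
    if not alive:
        return 0.0
    best, seen = 0, set()
    for start in alive:
        if start in seen:
            continue
        seen.add(start)
        queue, size = deque([start]), 0
        while queue:  # breadth-first search over surviving nodes only
            node = queue.popleft()
            size += 1
            for nb in g[node]:
                if nb in alive and nb not in seen:
                    seen.add(nb)
                    queue.append(nb)
        best = max(best, size)
    return best / len(alive)

if __name__ == "__main__":
    print("star, server removed:     ", largest_component_fraction(client_server(100), [0]))
    print("star, two clients removed:", largest_component_fraction(client_server(100), [5, 6]))
    print("p2p, three nodes removed: ", largest_component_fraction(peer_to_peer(100), [10, 11, 50]))
```

Removing the one central node leaves every remaining machine isolated, while the peer-to-peer layout stays fully connected after the same number of removals or more.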


Either way, ensuring that only the control center's owner can… well, control the network is of utmost importance. This is why both models use digital signatures (much like a special code) to ensure that only commands issued by the hacker (or whoever the hacker sold the botnet to) are broadcast across the whole network.


How botnets are created

It's all well and good to have a network configured, but now the devices must "join" it. This is possible with the help of a small element that you should recognize: a Trojan horse!


A Trojan horse is a piece of malware that tries to sneak onto a computer by pretending to be something more benign… you know, like its namesake. Trojans are commonly hidden in phishing emails, but they are also found in pirated software and are sometimes the payload of malvertising attacks. However, for this article, the important thing is not how hackers get them onto your PC, but rather what they do next.


When the Trojan is on the computer, a “backdoor” will open, allowing the hacker to access and control certain aspects of the PC or other connected device. Usually, Trojans allow hackers to take only a few actions, which is enough to cause serious problems, such as setting up a botnet. The good news is that Trojans usually don't spread on their own or attempt to spread (although there are botnets that are exceptions to this rule). However, a Trojan horse can remain "on standby", and therefore invisible, until the hacker decides to use it.


When enough computers have these backdoors built-in, the hacker combines them into a single network to successfully create a botnet.


What can you do with a botnet?

Despite all its complexity, a botnet allows hackers to do only two things: send items quickly or force each computer to do the same thing at the same time. But, with creativity, even a simple tool can become dangerous, and hackers have found ways to use botnets to do some pretty surprising, if not terrible, tasks.


How not to join a botnet

Although botnets are much more complex and far-reaching, you can protect yourself against them just like you protect yourself from any other malware:


  • Do not download files that you think are suspicious.
  • Do not click on online ads.
  • Don't fall for phishing emails.
  • Keep a powerful antivirus on your computer, such as the Free AntiVirus
