Botnets are not a new threat, but they are a serious one. Amassing the resources of possibly millions of compromised PCs, attackers use that combined power for all sorts of nefarious activities.
Since their inception, botnets have been one of the more difficult threats to neutralize, and new and innovative techniques are making this malware even more difficult to stop.
Bots: the building blocks of botnets
Bots — shorthand for “robots” — are not inherently malicious and come in various forms, such as web crawlers, Internet bots, chat bots, IRC bots, and gaming bots. Search engines, for example, use bots as web crawlers — small apps that sweep up information about other websites. IT admins could use them to automate or remotely initiate specific tasks.
Bots can emulate human interactions on computers — though at much faster speeds than true human interactions. For purposes of this discussion, bots are applications installed on personal computers. They typically monitor a designated Internet Relay Chat (IRC) channel for specified commands. They then act on those commands.
It didn’t take long for cyber criminals to see the potential power in bots. If a bot can perform remote tasks for admins, it can also execute malicious code on behalf of an attacker. They also discovered that their malicious bots could be easily scaled, quickly compromising and linking tens of thousands or even hundreds of thousands of PCs.
Once infected, those systems would join a botnet, quietly monitoring an IRC channel — and wait for instructions. (For Star Trek fans, the Borg will immediately come to mind.)
Taking control starts with phoning home
In most cases, when a botnet executable compromises a PC, its first action is to connect with an Internet-based command-and-control (C&C) server and request instructions. Usually, it’s directed to download additional malware components — code that will help the botnet remain hidden on the compromised system. It might also be instructed to download malicious code that a cyber criminal wants spread to other systems.
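The two behaviours described above, a bot registering on an IRC channel and then checking in with its C&C server at regular intervals, leave a recognizable pattern in outbound connection logs. The following detector is an added example, not code from the original article; it assumes a constructed, simplified connection-log format (timestamp, source, destination, port, first bytes of payload) and flags flows that both speak IRC client commands and recur with a near-constant period.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample of connection records (not real traffic): timestamp,
# source host, destination, port and the first bytes of the payload.
SAMPLE_LOG = """\
2024-05-01T10:00:00 src=10.0.0.5 dst=198.51.100.9 dport=6667 payload="NICK bot-0a1f"
2024-05-01T10:00:01 src=10.0.0.5 dst=198.51.100.9 dport=6667 payload="JOIN #chan"
2024-05-01T10:05:00 src=10.0.0.5 dst=198.51.100.9 dport=6667 payload="PING :srv"
2024-05-01T10:10:00 src=10.0.0.5 dst=198.51.100.9 dport=6667 payload="PING :srv"
2024-05-01T10:15:01 src=10.0.0.5 dst=198.51.100.9 dport=6667 payload="PING :srv"
2024-05-01T10:02:13 src=10.0.0.8 dst=203.0.113.20 dport=443 payload="GET /"
2024-05-01T10:40:55 src=10.0.0.8 dst=203.0.113.20 dport=443 payload="GET /"
2024-05-01T11:03:07 src=10.0.0.8 dst=203.0.113.20 dport=443 payload="GET /"
"""

# Assumed log line layout for this example (not a real product's format).
LINE_RE = re.compile(r'^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) '
                     r'dport=(?P<dport>\d+) payload="(?P<payload>[^"]*)"$')
# IRC client commands a bot emits when it registers, joins a channel and stays alive.
IRC_CMDS = {"NICK", "USER", "JOIN", "PRIVMSG", "PING", "PONG"}

def parse_records(text):
    """Yield (timestamp, src, dst, dport, payload) for every well-formed line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield (datetime.fromisoformat(m["ts"]), m["src"], m["dst"],
                   int(m["dport"]), m["payload"])

def find_irc_beacons(text, min_records=3, min_regular=0.6, tolerance=0.1):
    """Flag (src, dst, dport) flows that speak IRC and check in at regular intervals."""
    flows = defaultdict(list)
    for ts, src, dst, dport, payload in parse_records(text):
        flows[(src, dst, dport)].append((ts, payload))
    hits = []
    for key, recs in flows.items():
        if len(recs) < min_records:
            continue
        recs.sort()
        speaks_irc = any(p.split(" ", 1)[0] in IRC_CMDS for _, p in recs)
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(recs, recs[1:])]
        med = median(gaps)
        # Share of gaps within +/- tolerance of the median gap: 1.0 is a perfect heartbeat.
        regular = sum(abs(g - med) <= tolerance * med for g in gaps) / len(gaps)
        if speaks_irc and regular >= min_regular:
            hits.append({"flow": key, "period_s": med, "regularity": round(regular, 2)})
    return hits
```

Calling `find_irc_beacons(SAMPLE_LOG)` reports the 10.0.0.5 flow on port 6667 with a 299.5-second period, while the irregular HTTPS traffic from 10.0.0.8 is left alone.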