Fighting botnets effectively

by Stephane

Block botnets to prevent spam

Botnets are just as formidable as worms, Trojans and spam. According to those in the know, 25% of computers connected to the Internet are part of a botnet. That’s why it’s so important to know what they are, how they work and what you can do to eradicate them.

A better understanding of botnets

A botnet is a network of bots managed by a botmaster from a server. The bots in these hacker-run networks are considered malicious: they have been put into service with the intention of harming all Internet users. The networked computers are infected by viruses and Trojans, and these infections draw on the infected machines for the resources they need to grow and multiply.

A botnet has no fixed size: it can range from several thousand to several million computers. Some botnets are already well known to Internet users because of their scale or intensive activity. The origins of the botnet go back to the days of IRC chat, where the hijacking of bots began with the introduction of advanced bots such as eggdrop.

The use of botnets

Today’s botnets offer botmasters several possibilities. They use them for denial-of-service attacks, spamming, illegal information retrieval and phishing, and to make maximum use of the resources of the machines they invade. This list is not exhaustive; the possibilities offered by botnets are very broad.

Hackers use botnets primarily for commercial purposes. The greater the number of bots, the greater the resources generated. All the botnets on offer are used with the intention of harming Internet users, and insiders even offer a standard pricing system. Botnets are also a favorite weapon of activist groups, and some companies have been blackmailed by botmasters.

The best-known botnets

There are several types of botnet currently operating on the Internet. The best-known are those using the IRC protocol, those connecting over peer-to-peer networks, HTTP botnets and botnets exploiting Web 2.0/Ajax. To set up a botnet, hackers try to infect as many computers as possible on the web using malware, Trojans, SQL injection, cross-site scripting and more.

Once the target has been reached, the computer is transformed into a bot and integrated into the botmaster’s network. The bot can update itself, modify itself and protect itself from antivirus software. It can also reconfigure the system to defend itself against all kinds of protection measures put in place by the owner. Botnets operate without the computer owner’s knowledge: the machine sends spam or takes part in denial-of-service attacks without the user being aware of it.

Protecting yourself from botnets

To combat botnets, specialists suggest that users integrate Real-time Black Lists (RBL) or DNS-based Blackhole Lists (DNSBL) into their anti-spam engine, monitor their company’s IRC traffic, and protect their local network by managing passwords or setting up a firewall or an IDS/IPS.
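
How an anti-spam engine consults a DNS-based Blackhole List for a connecting IP address, as an added example that is not code from this article or from Altospam. The zone names, the sample records and the function names are constructed for illustration; a real deployment would pass the zones of the lists it subscribes to.

```python
import ipaddress
import socket

def dnsbl_query_name(ip, zone):
    """Reverse the IPv4 octets (or IPv6 nibbles) and append the list's zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone

def system_resolver(name):
    """A records for name; [] only when the name has no record (not listed)."""
    not_found = {socket.EAI_NONAME, getattr(socket, "EAI_NODATA", socket.EAI_NONAME)}
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror as exc:
        if exc.errno in not_found:
            return []
        raise  # timeout or server failure: do not report the sender as clean
    return sorted({info[4][0] for info in infos})

def check_ip(ip, zones, resolve=system_resolver):
    """Return {zone: [return codes]} for each zone that lists ip."""
    hits = {}
    for zone in zones:
        answers = resolve(dnsbl_query_name(ip, zone))
        # Listings are answered from 127.0.0.0/8; any other address (for
        # example from a wildcard or rewriting resolver) is not a listing.
        codes = [a for a in answers if a.startswith("127.")]
        if codes:
            hits[zone] = codes
    return hits

def demo():
    # Constructed data: documentation-range IPs and made-up zones, no network.
    records = {
        "99.2.0.192.dnsbl.example.test": ["127.0.0.2"],
        "99.2.0.192.rewritten.example.test": ["203.0.113.7"],
    }
    zones = ["dnsbl.example.test", "rewritten.example.test"]
    lookup = lambda name: records.get(name, [])
    return {ip: check_ip(ip, zones, lookup) for ip in ("192.0.2.99", "192.0.2.1")}

if __name__ == "__main__":
    print(demo())
```

The resolver is passed in as a parameter so the lookup logic can be exercised without network access; a lookup failure raises instead of returning an empty result, so an unreachable list is not mistaken for a clean sender.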
