Professional Documents
Culture Documents
BTIT603: Cyber and Network Security: Botnet
BTIT603: Cyber and Network Security: Botnet
BTIT603: Cyber and Network Security: Botnet
Security
Botnet
To better understand what botnets are and how botnets function, consider that
the name itself is a blending of the words “robot” and “network”. In a broad
sense, that’s exactly what botnets are: a network of robots used to commit
cyber crime.
The term botnet is derived from the words robot and network. A bot in this
case is a device infected by malware, which then becomes part of a network, or
net, of infected devices controlled by a single attacker or attack group. The cyber
criminals controlling them are called botmasters or bot herders.
Botnets are the workhorses of the Internet. They’re connected computers
performing a number of repetitive tasks to keep websites going.
In general, hackers tend to look for low-hanging fruit. If you can mount even
basic defenses, botnets and other forms of malware are going to look for
easier targets
Lokendra Vishwakarma, Assistant Professor, SVIIT-
9 SVVV, Indore
Notable botnet attacks
1. Zeus
The Zeus malware, first detected in 2007, is one of the best-known and widely used
malware types in the history of information security.
Zeus uses a Trojan horse program to infect vulnerable devices and systems, and variants
of this malware have been used for various purposes over the years, including to spread
CryptoLocker ransomware.
Initially, Zeus, or Zbot, was used to harvest banking credentials and financial
information from users of infected devices. Once the data was collected, attackers used
the bots to send out spam and phishing emails that spread the Zeus Trojan to more
prospective victims.
In 2009, cybersecurity vendor Damballa estimated Zeus had infected 3.6 million hosts.
The following year, the FBI identified a group of Eastern European cybercriminals who
were suspected to be behind the Zeus malware campaign; the FBI later made more than 100
arrests in the U.S. and Europe.
The Zeus botnet was repeatedly disrupted in 2010, when two internet service providers
that were hosting the C&C servers for Zeus were shut down. However, new versions of the
Zeus malware were later discovered.
Lokendra Vishwakarma, Assistant Professor, SVIIT-
10 SVVV, Indore
2. Srizbi
The Srizbi botnet, which was first discovered in 2007, was, for a time, the
largest botnet in the world. Srizbi, also known as the Ron Paul spam botnet, was
responsible for a massive amount of email spam -- as much as 60 billion
messages a day, accounting for roughly half of all email spam on the internet at
the time. In 2007, the Srizbi botnet was used to send out political spam emails
promoting then-U.S. Presidential candidate Ron Paul.
The botnet used a Trojan to infect users' computers, which were then used to
send out spam. Experts estimated that the Srizbi botnet included approximately
450,000 infected systems.
The cybercriminals behind Srizbi used San Jose, Calif.-based hosting
provider McColo for the botnet's C&C infrastructure. The botnet's activity
ceased when McColo, which was discovered to be hosting other botnet and
spam operations, as well, was shut down in 2008.