Botnet—The Evil Network
by Grant Fuller, a member of Big Blue & Cousins,
Canada
www.bbc.org
newsletter(at)bbc.org
Obtained from author with the author's permission for publication by APCUG member groups.
This one might even be too much for Webman. There is a community of
evil geeks who own a number of computers that are used exclusively for
delivering viruses.
Usually a backdoor Trojan, the virus is designed to infect the average
computer user's machine when launched periodically from the evil geeks'
"Zombie" machines. The virus does not necessarily cause problems on the
targeted computers but it uses these average users' machines to deliver
spam. With this chain reaction method, huge quantities of spam can be
spread with very little chance of tracing it to the source. ISPs have
admitted they spend more of their resources on combating these "Botnets"
than the old-fashioned crackers and hackers.
Aside from cluttering up the internet with spam, the botnet can
deliver "denial of service" attacks. This is a serious financial concern
for companies trying to establish themselves on the internet as well as
institutions that provide important community services.
The usual routine is that the spammer, who wants to get a message out to
the world, pays the botnet operator, who then sends the file to his
zombies, which in turn launch the spam to the innocent distributors.
Sometimes, banks of computers in offices and institutions are
commandeered by the botnet operator for this criminal activity.
In preparing this article, I could not find proof as to how the
original virus is delivered to the unsuspecting so I am assuming it is
the usual method. Either the user clicks on a deceptive button while
surfing the net and triggers a download, or an email attachment is
opened unwittingly. The culprits often use a harvesting program that
goes to the ISP server and gathers all their email addresses. Some mass
mail programs actually send email to the addresses on the server at the
same time they are collecting the addresses for future use.
Botnet applications are cleverly designed so they often escape
detection by anti-virus software. However, some firewalls such as
ZoneAlarm will track incoming and outgoing calls so if the user is
patient enough to investigate each of the unidentified communiqués going
on between the hard drive and the internet, the botnet may be found.
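As an added illustration (not part of the original article), the review of
outgoing connections described above can be partly automated. The log format,
program names, addresses and thresholds below are constructed assumptions, not
the output of ZoneAlarm or any other real firewall.

```python
from collections import defaultdict

# Constructed sample of an outbound-connection log. Hypothetical format:
# time, program, destination IP, destination port. The addresses come
# from the ranges reserved for documentation (RFC 5737).
SAMPLE_LOG = """\
09:00:01 browser.exe 192.0.2.10 443
09:00:05 mailclient.exe 192.0.2.25 587
09:00:07 helper32.exe 198.51.100.3 25
09:00:07 helper32.exe 198.51.100.9 25
09:00:08 helper32.exe 203.0.113.14 25
09:00:08 helper32.exe 203.0.113.77 25
09:00:09 updater.exe 192.0.2.80 443
09:00:12 mailclient.exe 192.0.2.25 587
"""

SMTP_PORT = 25  # port used for server-to-server mail delivery
# Assumption: the programs this user expects to send mail.
KNOWN_MAIL_PROGRAMS = {"mailclient.exe"}
# Assumption: a personal computer talks to one or two mail servers at most.
MAX_MAIL_SERVERS = 2


def parse(log_text):
    """Yield (program, dst_ip, dst_port) for each well-formed log line."""
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or not fields[3].isdigit():
            continue  # skip blank or malformed lines
        yield fields[1], fields[2], int(fields[3])


def suspicious_mail_senders(log_text):
    """Return {program: sorted destination IPs} for likely spam relays."""
    smtp_targets = defaultdict(set)
    for program, dst_ip, dst_port in parse(log_text):
        if dst_port == SMTP_PORT:
            smtp_targets[program].add(dst_ip)
    # Flag any unexpected program speaking SMTP, and any expected mail
    # program that contacts more mail servers than a normal user would.
    return {
        prog: sorted(ips)
        for prog, ips in smtp_targets.items()
        if prog not in KNOWN_MAIL_PROGRAMS or len(ips) > MAX_MAIL_SERVERS
    }


if __name__ == "__main__":
    for prog, ips in suspicious_mail_senders(SAMPLE_LOG).items():
        print(f"{prog}: direct SMTP to {len(ips)} hosts: {', '.join(ips)}")
```

A program flagged this way is only a lead for the patient investigation the
article describes, since legitimate software can also send mail directly.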
If you suspect you are being used as a pigeon for a botnet operator,
it is worthwhile downloading a good, tested anti-virus application that
has a tracking firewall. The usual symptom that suggests there is a
botnet present is a dramatic slowdown in performance. As always, it is
a good idea to search the internet for the latest information on topics
like this because the war between good and evil is forever evolving.
This article has been provided personally by the
author solely for publication by APCUG member groups. All other uses
require the permission of the author (see e-mail address above).