The Current State of Botnets

Date: May 2, 2011


If you’re preparing for a security based certification exam, you should be aware of botnets, bot herders, and zombies. They are prevalent on the Internet today, and can cause a significant amount of damage to organizations if they aren’t detected and stopped. This article provides an overview of the current state of recruiting zombies, botnet sizes and actions, and how to detect botnets.

Botnets are networks of computers that work together in a distributed environment. In the context of IT security, botnets are groups of computers that do the bidding of a criminal (known as a bot herder) in charge of the botnet. The bot herder controls all the computers remotely via a command and control center, and the individual computers are known as zombies. Zombies regularly check in with the command and control center and download instructions to do the bidding of the bot herder. Botnet topics are included in many security-related certifications.

Certifications that include Botnets

If you’re planning on taking the CompTIA Security+ exam, the (ISC)2 SSCP exam, or the (ISC)2 CISSP exam, you should be aware of some basic information about botnets. Each of these exams may include topics on botnets from these objectives:

Recruiting Zombies

The primary way that zombies are recruited into a botnet is through malicious software (malware). Attackers write malicious code to infect the systems, and when run, this code joins the system to the botnet. Users commonly become infected by executing attachments sent through email, or by visiting malicious websites.

Phishing emails often include links to malicious websites. If a user is tricked into clicking a link, they may become the victim of a drive-by download, where malware is automatically downloaded and installed on their system as soon as the user visits the website. Other times, the user will be prompted to download and install a Trojan horse that looks like something useful but is actually code that joins the system to the botnet.

Some botnet malware starts as a worm. Once the worm finds a computer to infect, it then drops the code onto the system to join it to the botnet. Additionally, some malware travels from computer to computer via removable drives such as USB flash drives. Once a system is infected, it searches for removable drives and infects them as soon as they’re found. For example, if a user inserts a USB flash drive into an infected system, the system infects the flash drive as soon as it’s inserted. Infected USB flash drives infect other systems as soon as they’re moved and inserted into another system.

A primary way to prevent infections from any type of malware is to ensure systems have antivirus (AV) software running and it is up-to-date. However, since new variants of malware are constantly being created, it’s still possible that a new version is out that is not yet detectable by AV software. Educating users about risks of following phishing links, and the dangers of downloading and installing unknown software is always a good practice.

Botnet Sizes

Many botnets are huge and include millions of zombie computers. The following list shows some of these botnets and their suspected sizes.

It’s worth noting that this list only shows some of the large botnets. Many criminals operate smaller botnets of only thousands or tens of thousands of zombies. While these fly under the radar of many of the published lists of botnets, they still have the potential to cause substantial damage. For example, if a criminal empties your bank account, it probably doesn’t matter much to you whether you were attacked as part of a large or small botnet. You’re still out of money.

Zeus botnets are intriguing, since the infected computers aren’t part of a single botnet. Instead, many bot herders run their own private botnets. However, these botnets share a common functionality of stealing passwords through a backdoor created when the system becomes infected. Microsoft published an article on the Zeus botnet, also known as ZBot. It provides some insightful information on botnets in general, and also on the inner workings of ZBot.

Some notable botnets that have been taken down recently include:

Of course, this is another reason for bot herders to limit the size of their botnets. As the Japanese say, the nail that sticks up gets hammered down. Big botnets are targets of law enforcement and often get hammered, while smaller botnets continue to steal money, sometimes converting thriving businesses into businesses facing bankruptcy.

Botnet Actions

Bot herders use botnets for a variety of different purposes including:

Detecting Botnets

One of the ways to detect botnets is to monitor traffic going through your network firewall to the Internet. If you have a large amount of traffic from multiple systems going to an unknown server, or your systems are sending out a large volume of email even during non-business hours, it could be they are infected with a botnet. Isolate the systems, update AV software, and run in-depth scans on them.
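One way to turn those two indicators into a check over outbound firewall logs, as an added example that is not from the article (the log format, the allow-lists, the business-hours window and the thresholds are all assumptions, and the log lines are constructed):

```python
# Botnet indicators in outbound firewall logs: many internal hosts reaching
# one unknown server, and SMTP sent outside business hours. Added example,
# not from the article; log format, allow-lists and thresholds are assumed.
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines (assumed format: timestamp src dst dst_port).
SAMPLE_LOG = """\
2011-05-02T09:15:02 10.0.0.11 203.0.113.5 443
2011-05-02T09:16:10 10.0.0.12 203.0.113.5 443
2011-05-02T09:17:44 10.0.0.13 203.0.113.5 443
2011-05-02T09:18:03 10.0.0.14 203.0.113.5 443
2011-05-02T09:20:00 10.0.0.11 198.51.100.7 80
2011-05-02T02:05:00 10.0.0.13 192.0.2.25 25
2011-05-02T02:05:30 10.0.0.13 192.0.2.26 25
2011-05-02T02:06:00 10.0.0.13 192.0.2.27 25
2011-05-02T14:00:00 10.0.0.20 192.0.2.25 25
"""
KNOWN_SERVERS = {"198.51.100.7"}  # assumed allow-list of expected destinations
MAIL_RELAYS = {"10.0.0.20"}       # assumed: the only hosts allowed to send SMTP
BUSINESS_HOURS = range(8, 18)     # assumed 08:00 to 17:59

def parse_log(text):
    """Parse 'timestamp src dst port' lines into dicts."""
    rows = []
    for line in text.splitlines():
        ts, src, dst, port = line.split()
        rows.append({"ts": datetime.fromisoformat(ts), "src": src,
                     "dst": dst, "port": int(port)})
    return rows

def shared_unknown_destinations(rows, min_hosts=3):
    """Unknown external servers contacted by several internal hosts:
    a candidate command and control server."""
    hosts_by_dst = defaultdict(set)
    for r in rows:
        if r["dst"] not in KNOWN_SERVERS:
            hosts_by_dst[r["dst"]].add(r["src"])
    return {dst: sorted(h) for dst, h in hosts_by_dst.items()
            if len(h) >= min_hosts}

def offhours_mail_senders(rows):
    """Non-relay hosts sending SMTP (port 25) outside business hours:
    a candidate spam-sending zombie, with the connection count."""
    senders = defaultdict(int)
    for r in rows:
        if (r["port"] == 25 and r["src"] not in MAIL_RELAYS
                and r["ts"].hour not in BUSINESS_HOURS):
            senders[r["src"]] += 1
    return dict(senders)
```

Hosts flagged by either check are the ones to isolate and scan; a destination shared by many hosts is only a lead until it is checked against known-good services such as update servers.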

Conclusion

If you’re preparing for a security-based certification exam, you should be aware of botnets, bot herders, and zombies. They are prevalent on the Internet today, and can cause a significant amount of damage to organizations if they aren’t detected and stopped. A primary way to stop botnets is to prevent initial infections with the use of up-to-date antivirus software, and by educating users on safe computing habits.
