As promised in our post about the European Cyber Security Month during October, we are publishing about botnets and exploits this week. Even though the Poodle flaw in the web encryption standard appeared a few days ago, we are using this week to explain what botnets and exploits are and how they work.

No doubt you’ve heard of botnets and zombie computers, but do you know exactly what these words mean? Does it mean that if your computer is infected, it will enter the realm of the living dead, like in the movies?! In this taster we will look at how a botnet works and how it affects users.

Let’s start at the beginning

The term “botnet” is an amalgamation of two words: “bot” is short for “robot,” and “net” comes from “network.” In short, what we have here is a network of robots.

A botnet basically is composed of two parts. On the one hand, there is the control panel, where the actions to be executed are centralized; on the other hand, there is the server, a small program that establishes the connection with the cybercriminal’s control center.

So far it might look pretty much like a Trojan, as it is made up of a control panel and a server application. Additionally, its functions include the ability to steal files, upload applications, execute processes on victim hardware and, by means of a keylogger, capture every keystroke made on the keyboard.

But what is a botnet for?

What’s special about this type of malicious code is that it enables an attacker to execute instructions on lots of computers simultaneously.

Let’s take an example from daily life: this would be the equivalent of sitting down in front of a whole stack of televisions and operating them all at the same time with a single remote control. Only, in the case of a botnet, the remote control is the control center (also known as a botmaster), while the TVs are the infected victim machines.

Each computer infected with this type of malware is described as a zombie computer, because it is at the mercy of the cybercriminal. They are the ones who have control of all the equipment, using it for various types of criminal activity.

So what can an attacker do with their network of zombie computers?

They can use all this equipment to carry out a variety of attacks. To explain a little better, let’s imagine the following scenario: an attacker has a network of bots (or zombies) consisting of 10,000 infected computers under the attacker’s control, all connected simultaneously to their web control center.

With this, they can launch a DDoS attack (Distributed Denial of Service), which consists of putting a server out of service by inundating it with queries. Let’s suppose the attacker knows the website, obtains information about it, and determines that it can withstand up to 8,000 queries simultaneously.

So to cause this server to fail, all the attacker needs to do is tell 8,001 of the 10,000 infected computers to visit the site simultaneously, causing it to collapse.

Alternatively, they could redirect the queries to a duplicate site, for example in order to steal information.
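As an added illustration of the scenario above (example code, not from the original post), this small Python script reads constructed web-server log lines, counts requests per second against the 8,000-query capacity and reports whether the load is spread across many sources, which is what distinguishes a botnet flood from a single misbehaving client. The log-line format, the IP addresses and the 5% share threshold are assumptions.

```python
from collections import Counter, defaultdict

# Capacity figure from the scenario in the text: the site copes with
# 8,000 simultaneous queries and collapses above that.
SERVER_CAPACITY = 8000


def constructed_log():
    """Constructed log lines in an assumed '<second> <source-ip> <method> <path>'
    format (not real traffic). Second 1000 is ordinary browsing from ten
    sources; second 1001 is 8,001 zombies each sending one request."""
    lines = [f"1000 10.0.0.{i % 10} GET /" for i in range(300)]
    lines += [f"1001 10.1.{i // 256}.{i % 256} GET /" for i in range(8001)]
    return lines


def analyse(lines, capacity=SERVER_CAPACITY, share_threshold=0.05):
    """Group requests per second and flag seconds that exceed capacity.

    'distributed' is True when no single source accounts for more than
    share_threshold of that second's requests: blocking or rate-limiting
    the busiest client would barely dent the load, which is exactly why
    an attacker uses a botnet instead of one machine.
    """
    per_second = defaultdict(list)
    for line in lines:
        second, source, _method, _path = line.split()
        per_second[int(second)].append(source)

    findings = {}
    for second, sources in sorted(per_second.items()):
        total = len(sources)
        busiest_share = max(Counter(sources).values()) / total
        findings[second] = {
            "requests": total,
            "distinct_sources": len(set(sources)),
            "over_capacity": total > capacity,
            "distributed": busiest_share <= share_threshold,
        }
    return findings


if __name__ == "__main__":
    for second, info in analyse(constructed_log()).items():
        print(second, info)
```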

Another use that a cybercriminal could make of it is to mine bitcoins, as we have seen in other articles. Cybercriminals can make use of their victims’ processing power to generate bitcoins without needing to spend any money on electricity or hardware. Conversely, there are versions of botnets, like Pony Loader, that steal bitcoins.

Other botnets are used for sending e-mails, in other words for sending spam. Generally their creators sell their services to spammers.

How can I protect myself from a botnet?

As always, here at the ESET Research Laboratory in Latin America, we recommend installing a security solution on your computer and keeping all your software updated at all times. Likewise, it’s important for everyone using the Internet and new technologies to stay informed about which IT threats are currently trending and how they function, so as to understand how to avoid falling victim to them.