What is it?
A botnet is a number of Internet-connected devices, each of which is running one or more bots. Botnets can be used to perform distributed denial-of-service attack (DDoS attack), steal data, send spam, and allow the attacker access to the device and its connection. The owner can control the botnet using command and control (C&C) software.[1] The word "botnet" is a combination of the words "robot" and "network".
But some bots are useful like chat-bots, majorly used in many companies.
concepts of building botnets:
A botnet is a number of Internet-connected devices, each of which is running one or more bots. Botnets can be used to perform distributed denial-of-service attack (DDoS attack), steal data, send spam, and allow the attacker access to the device and its connection. The owner can control the botnet using command and control (C&C) software.[1] The word "botnet" is a combination of the words "robot" and "network".
But some bots are useful like chat-bots, majorly used in many companies.
concepts of building botnets:
- A hacker purchases or builds a Trojan and/or exploit kit and uses it to start infecting users' computers, whose payload is a malicious application—the bot.
- The bot on the infected PC logs into a particular command-and-control (C&C) server. (This allows the bot master to keep logs of how many bots are active and online.)
- The bot master may then use the bots to gather keystrokes or use form grabbing to steal online credentials and may rent out the botnet as DDoS and/or spam as a service or sell the credentials online for a profit.
- Depending on the quality and capability of the bots, the value is increased or decreased.
Newer bots can automatically scan their environment and propagate themselves using vulnerabilities and weak passwords. Generally, the more vulnerabilities a bot can scan and propagate through, the more valuable it becomes to a botnet controller community.
Computers can be co-opted into a botnet when they execute malicious software. This can be accomplished by luring users into making a drive-by download, exploiting web browser vulnerabilities, or by tricking the user into running a Trojan horse program, which may come from an email attachment. This malware will typically install modules that allow the computer to be commanded and controlled by the botnet's operator. After the software is downloaded, it will call home (send a reconnection packet) to the host computer. When the re-connection is made, depending on how it is written, a Trojan may then delete itself, or may remain present to update and maintain the modules.
No comments:
Post a Comment