The most frequently used definition of a botnet is a robot network, also known as a “zombie army”. In practice, a botnet is a large number of personal computers around the globe, usually compromised by an attacker, joined into a virtual network and then used for generating spam, relaying viruses, or flooding a network or a particular web server with an enormous number of excessive requests, known as a DDoS (distributed denial of service) attack, in order to cause its failure. In the majority of cases botnets are used for malicious purposes, and the top of the botnet list is occupied by the harmful ones. However, in recent years the intention to create “good” botnets has led to the development of botnets intended for positive purposes, such as battling “bad” botnets.
The most typical way to infect a PC and turn it into a zombie, or part of a botnet, is via malware or an infected email attachment. The malware installs the bot program on the target system and gives criminals control over the victim PC. The botherder, or botnet controller, is a criminal who has a special application, called the client, for issuing commands to the zombies. With the client, the botherder can send a command to a single zombie or to the whole botnet to perform various illegal activities, such as spamming or degrading the performance of a particular server via a DDoS attack. Botnets are a source of huge income and are quite often very hard to detect, fight and take down (Devis, L. 2009). The biggest concern about botnets is their ability to infect thousands of personal computers. According to statistics, the top five botnets now operating on the web are Cutwail, Lethic, Grum, Ogee and Festi. Their recent activity can be seen in figure 1. They differ, but they share one common feature: all five top botnets specialize in sending spam messages.
Spamming and DDoS attacks are the main features of the Cutwail botnet, which had infected more than two million personal computers in 2009. The Lethic botnet specializes in replica and pharmaceutical spam messages and consists of around three hundred thousand infected machines. Grum was responsible for sending pharmaceutical spam emails and was considered one of the largest botnets, accounting for 18% of the world's spam messages until it was taken down in 2012 (BBC News technology, 2012). The Festi botnet has significantly ramped up its activity in recent months, enlarging its number of infected computers to three hundred thousand. Its main activity is sending spam messages, and its boosted performance is related to the shutdown of the Grum botnet (Saarinen, J. 2012). The top five botnets that infected the largest number of personal computers are shown in table 1. These botnets are the most wanted in America for stealing personal data, attacks on web servers and other crimes (Messmer, E. 2009). In contrast to the majority of botnets, which perform malicious activity, ‘good’ botnets are nowadays being developed with the main aim of battling ‘bad’ botnets. The main concept of the …
Posted by: Lincoln Gadberry