Botnets: What are They, and How can You Protect Your Computer?

The average computer user tends to look blank if the word "botnet" is said. So, here's a summary of what botnets are and how to secure your information.


7 August 2014

Botnets: What are They, and How can You Protect Your Computer? - Graham Cluley

Chances are that every day your email address receives more than its fair share of spam messages. With luck you have good spam-filtering technology in place which (hopefully) is blocking most of the unwanted email and allowing only legitimate messages through.

But have you ever wondered how all that spam was sent in the first place?

The fact is that it was almost certainly sent to your computer by a botnet, one of the most serious threats to internet security.

The FBI recently testified to the U.S. Senate's subcommittee on the sheer scale of the botnet problem which sees 18 computers recruited by the hackers every second of every day:

The impact of this global cyber threat has been significant. According to industry estimates, botnets have caused over $9 billion in losses to U.S. victims and over $110 billion in losses globally. Approximately 500 million computers are infected globally each year, translating into 18 victims per second.

Despite the magnitude of the problem, the average computer user tends to look blank if the word "botnet" is said to them. So, here's a quick summary which hopefully will help explain the threat more clearly:

What is a Botnet?

Botnets are armies of computers that have been compromised by online criminals, usually without the knowledge of the real owner, and remotely commanded to steal information, send spam, spread malware, or launch distributed denial-of-service (DDoS) attacks.

A computer which has been recruited into a botnet (literally "a network of robots") is no longer under its owner's sole command — it can now silently engage in all manner of cybercriminal activity at the remote command of its hacker overlord (known as a "botmaster").

[caption id="attachment_1928" align="alignnone" width="600"]Image of Botnet by Tom-b. Licensed under CC BY-SA 3.0 via Wikimedia Commons. Image of Botnet by Tom-b. Licensed under CC BY-SA 3.0 via Wikimedia Commons.[/caption]

In other words, it could be *your* computer (or that of a friend, a colleague, or your Aunty Agatha) that is making the internet a more unpleasant and unsafe place for the rest of us.

What can a Botnet Do?

Under the command of a botmaster, a botnet of hijacked computers can be instructed to participate in a number of activities. But here are the main ones:

Sending spam and distributing malware

Firstly, there is product spam — designed to sell you something. A computer commandeered into a botnet can be instructed to send out spam messages advertising absolutely anything — from miracle diet pills to fake degrees to office supplies.

It is possible that you *might* receive a product that is advertised to you via a spam message, but you're taking a big gamble. Firstly, the quality of the products you receive might be of dubious quality (people who have purchased drugs advertised via spam have been known to die as a consequence), but more fundamentally recognise that whoever was behind the spam campaign has already proven themselves to be shady by the sheer fact that they are resorting to unsolicited junk mail to promote their products ...

Should you really trust them with your credit card details?

And that's before you even consider the countless "letters from Nigeria" claiming you are the rightful heir to a $169 million fortune, or telling you that you have won first prize in a lottery that you never participated in.

Then there are phishing messages, claiming to come from your online bank or a popular social network, and trying to trick you into following a link and entering your username and password.

Finally, there is the most malicious spam — engineered with the intent of infecting the recipient's computer, perhaps via a booby-trapped attachment or a link to a website hosting a drive-by attack.

If no one responded to spam messages — if no-one clicked, if no-one bought anything, if no-one replied — then it's fair to say that the spam email problem would pretty much die off. The vast majority of spam is sent as a commercial venture (there is also some political spam, but that's just a tiny proportion of the problem), and it only exists because the spammers know that a small proportion of the recipients will be tempted to make a purchase or click on a link.

If no one acted on the spam emails, there would simply be no reason for spammers to carry on sending out their messages. But, of course, some people do find it impossible to resist responding to the emails to claim their Nigerian inheritance, and do find themselves clicking on links or email attachments that harbor malware.

Launching a distributed denial-of-service attack

The other major criminal use of botnets is to launch DDoS attacks. This is where thousands of computers are simultaneously ordered to bombard a website with so much traffic that it effectively falls over.

I like to think of it as being like "15 men trying to get through a revolving door at the same time".

A website might suffer a denial-of-service attack because an attacker has a vendetta or moral issue with a particular corporation, and wishes to embarrass the company or make it difficult for it to do business.

But often the reason is purely financial, and boils down to a rudimentary blackmail attempt. In the past, for instance, gambling websites have been attacked in the run-up to a major sporting event, as criminals attempt to extort money in exchange for allowing the website to remain accessible.

Internet companies like Feedly and Evernote are amongst those that have recently been targeted by hackers attempting to extort money through the threat of a denial-of-service attack.

And in June, one company even went out of business after it suffered a crippling DDoS attack.

code-spaces-grahamcluley-com

In that particular case, the company might have survived if it had had a proper disaster recovery plan in place, and kept alternative backups.

Stealing information

A botnet also provides opportunities for hackers to steal personal and financial information, exfiltrating sensitive documents and monitoring keystrokes with the intention of grabbing passwords and breaking into bank accounts.

Remember this: If a hacker has remote control of your computer because it has been enlisted into a botnet, the hacker can do pretty much anything with your computer. It's as though the hacker sat at the keyboard and typed the commands — the only difference is that you can't see what the hacker is up to or accessing.

Who is Behind the Botnets?

Fortunately, the computer crime-fighting authorities are well aware of the risks posed by botnets (in some cases they have even fallen victim to DDoS attacks themselves), and there have been numerous arrests in connection with botnet gangs over the years.

However, there is no doubt that the anonymity provided by the internet has prevented many of those involved in botnets to escape prosecution.

Furthermore, in recent years it has become apparent that botnets are not just run by the typical cybercriminal.

For instance, leaked NSA documents allege that the organisation had formed an army of computers on 50,000 networks worldwide, running "sleeper agents" that can activate months after implanting to steal information and harvest data.

Clearly, all organisations need to protect themselves, their customers, and its and its customers’ data — as it may not just be traditional hackers who are the risk any more.

How Should You Protect Your Computer?

Clearly having your computer recruited into a botnet is a bad thing — not just for you, but also for everyone else on the internet who might end up being plagued by spam and attacks launched from your hijacked computer. So here's what you can do to reduce the chances of being compromised:

  1. Run anti-virus software, and make sure that you keep it updated.
  2. Run other security software, including a firewall, to make your computers less vulnerable to attack.
  3. Keep your other software — apps and operating system — updated too. New vulnerabilities are found all the time, some of which are exploited by malware authors in their attempts to grow the size of their botnet. Consider enabling automatic updates if you find updating your software a tiresome nuisance.
  4. Be wary of clicking on links or opening attachments in unsolicited emails — there could be malware lying in wait.
  5. Don't forget your smartphones. Although most botnets are comprised of Windows and Mac computers, there have also been notorious incidents of botnets powered by other devices running other operating systems, such as Android.


Graham Cluley

Graham Cluley

Graham Cluley is an award-winning veteran of the anti-virus industry, fighting cybercrime and raising awareness of computer security and privacy issues since the early 1990s. Find out more on his computer security blog or follow him on Twitter.