A botnet (“robot network”) refers to multiple computers infected with remote-controlled software that allows a single hacker to run automated programs on the botnet behind the users’ backs. The remote-controlled software or rootkit is clandestinely installed in each computer, hiding its presence and tracks, making detection difficult. Meanwhile, the hacker can use the botnet for many purposes, including distributing spam, spreading Trojan horses, perpetuating phishing scams, or gathering information for identity theft or fraud.
When a compromised computer falls prey to a rootkit, the computer is referred to as a “zombie computer.” A hacker can install rootkits on many computers, essentially building a network of compromised “zombie computers” to run secretive bots or services for the hacker. In the underground niche of botnet operators, there is much competition to have the largest or most powerful botnet. Not only are individual computers at risk, but so too are the networks of major private companies, government and even the military.
Botnets are a major source of crime on the Internet. Some operators “rent” their botnets by the hour to spammers. Internet Service Providers (ISPs) disallow spamming, but when thousands or hundreds of thousands of machines each send only five or ten pieces of spam, the spammer escapes notice. Furthermore, spam sent through a botnet tracks back to the compromised computers, not to the spammer.
Botnets are also used to perpetuate phishing scams by sending emails that appear to come from legitimate companies like financial institutions, eBay or PayPal. The email typically asks for sensitive personal information, which victims often provide. This information goes directly to the operator of the botnet for personal gain.
An operator can also use a botnet to launch a Distributed Denial of Service (DDoS) attack against a website. The computers in the botnet are sent a command prompting them to contact a specific webpage simultaneously. This can cause the website server to crash from an overload of traffic requests. Getting the server and the website back online can take time and disrupt business. DDoS attacks are often carried out against large, well-known companies and have been widely reported as costing millions of dollars.
Click-fraud is yet another scam perpetrated by some botnet operators. Advertisers commonly pay a small fee for every click on an advertised link that appears on a webpage. A botnet operator with an advertising contract on a personal domain can send a command to the computers in the compromised network to automatically click an advertising link whenever a browser is opened. Considering a botnet can be very large, click-fraud poses a considerable problem for advertisers.
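As an added illustration of the two patterns just described (the DDoS "many zombies hit one page at the same moment" and the click-fraud "one host clicks an ad link over and over"), the following Python flags both in constructed web-server log lines. This is example code written for this page, not from the original article; the log format, the documentation-range addresses, the ad path and the thresholds are all assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines (addresses from documentation ranges, not real
# traffic). Fields: source-ip ISO-timestamp method path
SAMPLE_LOG = """\
203.0.113.10 2024-05-01T12:00:00+00:00 GET /index.html
203.0.113.11 2024-05-01T12:00:01+00:00 GET /index.html
203.0.113.12 2024-05-01T12:00:01+00:00 GET /index.html
203.0.113.13 2024-05-01T12:00:02+00:00 GET /index.html
203.0.113.14 2024-05-01T12:00:02+00:00 GET /index.html
203.0.113.15 2024-05-01T12:00:03+00:00 GET /index.html
198.51.100.7 2024-05-01T12:00:05+00:00 GET /about.html
198.51.100.7 2024-05-01T12:00:09+00:00 GET /ad/click?id=42
198.51.100.7 2024-05-01T12:01:10+00:00 GET /ad/click?id=42
198.51.100.7 2024-05-01T12:02:11+00:00 GET /ad/click?id=42
198.51.100.7 2024-05-01T12:03:12+00:00 GET /ad/click?id=42
192.0.2.5 2024-05-01T12:04:00+00:00 GET /ad/click?id=42
"""

def parse_log(text):
    """Yield (ip, timestamp, path) from the simple line format above."""
    for line in text.splitlines():
        ip, ts, _method, path = line.split()
        yield ip, datetime.fromisoformat(ts), path

def ddos_suspects(text, window_seconds=10, min_sources=5):
    """Paths requested by at least `min_sources` distinct addresses inside a
    single `window_seconds` bucket: the botnet DDoS signature of many hosts
    contacting one page simultaneously. Returns {path: sources_in_worst_bucket}."""
    buckets = defaultdict(set)
    for ip, ts, path in parse_log(text):
        buckets[(path, int(ts.timestamp()) // window_seconds)].add(ip)
    worst = defaultdict(int)
    for (path, _bucket), ips in buckets.items():
        worst[path] = max(worst[path], len(ips))
    return {p: n for p, n in worst.items() if n >= min_sources}

def click_fraud_suspects(text, ad_prefix="/ad/click", max_clicks=3):
    """Addresses that clicked the ad link more than `max_clicks` times: a host
    scripted to click on every browser start repeats far beyond a real visitor.
    Returns {ip: click_count}."""
    clicks = defaultdict(int)
    for ip, _ts, path in parse_log(text):
        if path.startswith(ad_prefix):
            clicks[ip] += 1
    return {ip: n for ip, n in clicks.items() if n > max_clicks}
```

Real deployments would tune the window and thresholds to the site's normal traffic; the values here are only chosen to make the constructed sample fire.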
In October 2005, Dutch police uncovered a major botnet consisting of 1.5 million compromised computers. The zombie network was allegedly run by three individuals in their twenties. Botnets are becoming more widespread, with the United States believed to be the country most affected, housing some 26% of all botnets by some estimates. As many as 25% of all US computers might be part of a botnet, though it is difficult to know if such statistics are accurate.
What is certain is that botnets are widespread and growing, even attracting teenagers known as “script kiddies” who compete in building botnets. As a result, savvy computer users and administrators are taking steps to guard against rootkits that hand over access to hackers and script kiddies. Anti-rootkit software can be used to scan for existing rootkits, and other precautions can also be taken to minimize the risks of becoming part of a botnet.