
What is a botnet problem?

“What a pleasant day it is today,” you say, full of energy and hoping to get a lot done. You sit down at your desk and wait to log in to your computer, but you notice it is taking longer than usual. You open your Twitter page to check your feed and see strange posts under your name that you never wrote. Something mischievous has clearly happened to your account.

You rush to check your PayPal account; unfortunately, it is too late, and the balance reads $0.00. The transaction history shows several transfers you never made. Soon after logging in, your mouse starts lagging badly, and the system resource monitor shows the CPU pegged and RAM nearly exhausted. “Ok, the machine just needs a refresh,” you tell yourself, and you attempt a reboot. To your surprise, the system now takes far too long to shut down.

Somehow, you manage to log in again, update the system, and email PayPal and Twitter about the account activity. In the meantime, the login slowness persists and keeps getting worse.

You frantically search internet forums for a solution and contact several security experts. They tell you about something known as “bots” and “botnet activity” on your system.

If you have experienced a similar story, you may have been the victim of a botnet. In this post, we explain what the botnet problem is and why you should care about it.

What exactly is a botnet?

A botnet is a network of compromised computers (bots) that an attacker uses, mainly for financial gain. The bots are controlled by a remote attacker called the botmaster or bot-herder, who uses sophisticated techniques to infect computers and to hide his identity. Once a bot is installed on a victim's computer, it can steal confidential credentials, drain bank accounts, make the computer part of a “zombie” army used for DDoS attacks, and perform many other malicious activities.

Bots and botnets are sophisticated malware that is hard to detect and remove because of its stealthy design. A typical botnet army consists of many members (zombies), from several hundred to many thousands of bots, and the largest recorded botnets have grown to millions. A bot is designed to remain on the victim's computer for as long as possible so that the botmaster keeps control for as long as possible.

How Botnet Operates

The term “botnet” is short for “network of robots (bots)”. The potential impact of a botnet attack depends mainly on the size of the bot army: the larger the botnet, the more significant the impact.

The attacker first infects victims' computers with malicious software, using phishing email attachments, drive-by downloads from malicious websites, or exploits for known vulnerabilities (CVEs). There are two general types of botnet structure:

  1. Client/Server (centralized) model: This is the traditional way of controlling bots. Once the bots are in place, the botmaster sets up a command and control (C&C) channel to control them remotely. Botnets of this type typically use an Internet Relay Chat (IRC) server or HTTP for communication. Because every bot talks to the same C&C server, taking that server down or blocking its address disables the whole botnet, which is the model's main weakness. Examples of bots of this type include Bobax, Rustock, Agobot and Spybot.
  2. Peer to Peer (P2P) model: This uses a decentralized structure in which each bot acts as both a C&C server and a client, relaying commands to its peers. There is no single server to take down, so this model is more robust than the centralized one and harder for defensive countermeasures to detect and disrupt. Examples of P2P-based bots are Nugache, Peacomm and Sinit.

In addition to the two models above, botnets use several other protocols and topologies.

Protective Measures Against Botnet Attack

To keep your systems from being recruited into a botnet army, consider the following measures:

  1. Teach your company's staff about emerging threats and protective measures through security awareness training.
  2. Install the latest system security patches promptly and run regular antivirus scans on all systems.
  3. Deploy a firewall to block botnet traffic at the network level, including outbound connections to known C&C servers.
  4. Use an intrusion detection system (IDS) and an intrusion prevention system (IPS) to monitor network activity for signs of bot traffic, such as regular check-ins with a single external host, and to block it.
  5. Keep your data safe with a regular backup process. This is invaluable when an attack locks you out of your own data.
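The two C&C models described above leave different footprints on the network, and that is what an IDS looks for. A centralized bot checks in with one server at a near-constant interval (beaconing), while a P2P bot fans out to many distinct peers on the same port. The script below is an added example, not code from the original post or from any IDS product: it parses a constructed connection log (timestamp, source, destination, port, bytes) and applies both heuristics. The log format, host addresses and thresholds are assumptions chosen for illustration.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample connection log (not from any real network). Each line is:
# timestamp  source_ip  destination_ip  destination_port  bytes_sent
# 10.0.0.5 checks in with one IRC-port host every ~30 s (centralized C&C style);
# 10.0.0.7 is ordinary HTTPS browsing; 10.0.0.9 contacts many distinct peers on
# one unusual port within a few seconds (P2P rendezvous style).
SAMPLE_LOG = """\
2024-03-01T10:00:00 10.0.0.5 203.0.113.10 6667 412
2024-03-01T10:00:30 10.0.0.5 203.0.113.10 6667 418
2024-03-01T10:01:00 10.0.0.5 203.0.113.10 6667 411
2024-03-01T10:01:31 10.0.0.5 203.0.113.10 6667 415
2024-03-01T10:02:00 10.0.0.5 203.0.113.10 6667 413
2024-03-01T10:02:30 10.0.0.5 203.0.113.10 6667 417
2024-03-01T10:00:05 10.0.0.7 198.51.100.4 443 15022
2024-03-01T10:03:40 10.0.0.7 198.51.100.4 443 2290
2024-03-01T10:09:12 10.0.0.7 198.51.100.4 443 88013
2024-03-01T10:00:10 10.0.0.9 192.0.2.11 8443 300
2024-03-01T10:00:12 10.0.0.9 192.0.2.12 8443 301
2024-03-01T10:00:15 10.0.0.9 192.0.2.13 8443 299
2024-03-01T10:00:17 10.0.0.9 192.0.2.14 8443 302
2024-03-01T10:00:20 10.0.0.9 192.0.2.15 8443 300
2024-03-01T10:00:24 10.0.0.9 192.0.2.16 8443 298
"""


def parse_log(text):
    """Parse the assumed whitespace-separated log format into tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, nbytes = line.split()
        records.append((datetime.fromisoformat(ts), src, dst, int(port), int(nbytes)))
    return records


def find_beacons(records, min_conns=5, max_cv=0.1):
    """Centralized-C&C heuristic: flag (src, dst, port) flows whose gaps between
    connections are nearly constant. Returns {flow: mean_interval_seconds}."""
    flows = defaultdict(list)
    for ts, src, dst, port, _ in records:
        flows[(src, dst, port)].append(ts)
    hits = {}
    for key, times in flows.items():
        if len(times) < min_conns:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue
        # Coefficient of variation: low value means a very regular schedule.
        if statistics.pstdev(gaps) / mean <= max_cv:
            hits[key] = round(mean, 1)
    return hits


def find_fanout(records, min_peers=5, window_seconds=300):
    """P2P heuristic: flag (src, port) pairs that reach many distinct peers
    within a sliding time window. Returns {(src, port): max_distinct_peers}."""
    by_src_port = defaultdict(list)
    for ts, src, dst, port, _ in records:
        by_src_port[(src, port)].append((ts, dst))
    hits = {}
    for key, conns in by_src_port.items():
        conns.sort()
        start = 0
        for end in range(len(conns)):
            while (conns[end][0] - conns[start][0]).total_seconds() > window_seconds:
                start += 1
            peers = {dst for _, dst in conns[start:end + 1]}
            if len(peers) >= min_peers:
                hits[key] = max(hits.get(key, 0), len(peers))
    return hits


def main():
    records = parse_log(SAMPLE_LOG)
    for (src, dst, port), interval in find_beacons(records).items():
        print(f"beacon: {src} -> {dst}:{port} every ~{interval}s")
    for (src, port), peers in find_fanout(records).items():
        print(f"fan-out: {src} reached {peers} distinct peers on port {port}")


if __name__ == "__main__":
    main()
```

Run against the sample, the beacon check flags 10.0.0.5 talking to 203.0.113.10:6667 every ~30 s and ignores the irregular browsing of 10.0.0.7, while the fan-out check flags 10.0.0.9 for reaching six peers on port 8443. Real bots add random jitter to their check-in interval and hide behind common ports, so in practice these heuristics are one signal among several (destination reputation, DNS lookups, payload inspection) rather than a verdict on their own.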

Conclusion

The botnet threat has emerged as one of the significant problems in today's IT security. P2P botnet technology is becoming more prevalent, and many new ways to thwart it are being researched. What matters is that you plan an effective security policy for your organization that addresses the botnet problem.

About the author

Ali Imran Nagori

Ali Imran is a technical writer and Linux enthusiast who loves to write about Linux system administration and related technologies. You can connect with him on LinkedIn.