Bots, Botnets and Zombies
What are bots, botnets and zombies?
You've probably heard terms such as “bots,” “botnets” and “zombies” in news stories about data breaches and other cybersecurity risks. But what exactly are they, how do they work and what damage can they cause?
A bot, short for robot, is a type of software application or script that performs tasks on command, allowing an attacker to take complete control remotely of an affected computer. The compromised machine may also be referred to as a zombie. A collection of these infected computers is known as a botnet.
Hundreds of millions of computers worldwide are infected with bots and under the control of hackers (for example: part of a botnet). The owners of these computers typically do not experience any signs that the machine is infected and continue to use it, unaware they're being controlled remotely by a cybercriminal. In fact, the infected machine could be sending multiple spam emails, including to all contacts in the computer, making it appear to the recipient that the email is legitimate and from someone they know.
A botnet that has been in the news is the Gameover Zeus Botnet, which allows the cybercriminals to retrieve banking passwords from the infected machines or use the botnet to infect more computers. This botnet was responsible for nearly one million infections worldwide since its first attack in September 2011. In June 2014, U.S. and international law enforcement seized control of the botnet, and they're working with Internet service providers (ISP) to notify impacted victims.
How and why do cybercriminals use botnets?
The following are examples of how and why cybercriminals use botnets:
- The value of bots and botnets to criminals comes from aggregating massive numbers of computers they can control simultaneously to perform malicious activities.
- Cybercriminals may use botnets to send spam, phishing emails or other scams to trick consumers into giving up their financial information.
- Cybercriminals may also collect information from the bot-infected machines and use it to steal identities, incurring loans and purchase charges under the user's name.
- Cybercriminals may use botnets to create denial-of-service (DoS) attacks that flood a legitimate service or network with a crushing volume of traffic. The volume may severely slow down, or even shut down, the organization’s business operations. Revenue from DoS attacks comes through extortion and leasing botnets. The criminals will rent botnets to groups interested in inflicting damage to another entity. The “renters” will use the botnet for sending spam and phishing emails or attacking legitimate websites and networks. These groups include "hacktivists" — hackers with political agendas — as well as foreign military and intelligence organizations.
Don't let your computer become a bot!
It only takes moments for an unprotected, Internet-connected computer to be infected with malicious software and turned into a bot. Every user should have up-to-date security software on all devices.
The best protection is to set your anti-virus and anti-spyware programs to automatically update and to automatically install every patch made available for your operating system and browser.
Don't click on links in unsolicited emails. And, don't click on links from your friends and family if they aren't using updated security measures. They may unknowingly transmit an infection on their machine to yours.
While there is no single action that will protect you from all of the cyber risks, by implementing these foundational best practices, you can greatly reduce the likelihood that your computer will be caught in the next botnet.