A botnet is a collection of software agents, or robots, that run autonomously and automatically. It also refers to a network of computers using distributed computing software. A computer "robot" or "bot" that serves the wishes of some master spam or virus originator. The main motive behind these botnets is financial gain along with recognition. Botnets have become a significant part of the Internet, albeit increasingly hidden. Due to most conventional IRC networks taking measures and blocking access to previously-hosted botnets, controllers must now find their own servers. Sometimes a controller will hide an IRC server installation on an educational or corporate site where high-speed connections can support a large number of other bots.
A bot typically runs hidden and uses a covert channel to communicate with its C&C server and the one who creates the bot has compromised a series of systems using various tools.Newer bots can automatically scan their environment and propagate themselves using vulnerabilities and weak passwords, it scans the computer for vulnerabilities and informs them if there are any to the creator of the botnet. Then depending on the vulnerability he will send the malware that will attack the entire system or entire network.
It can be used to send spam mails:
Topologies of Botnet:
The architecture of botnets has evolved over time, and not all botnets exhibit the same topology for command and control. Depending upon the topology implemented by the botnet, it may make it more resilient to shutdown, enumeration, or command and control location discovery
A bot typically runs hidden and uses a covert channel to communicate with its C&C server and the one who creates the bot has compromised a series of systems using various tools.Newer bots can automatically scan their environment and propagate themselves using vulnerabilities and weak passwords, it scans the computer for vulnerabilities and informs them if there are any to the creator of the botnet. Then depending on the vulnerability he will send the malware that will attack the entire system or entire network.
It can be used to send spam mails:
- A botnet operator sends out viruses or worms, infecting ordinary users' computers, whose payload is a malicious application—the bot.
- The bot on the infected PC logs into a particular C&C server often an IRC server.
- A spammer purchases the services of the botnet from the operator.
- The spammer provides the spam messages to the operator, who instructs the compromised machines via the IRC server, causing them to send out spam messages.
Topologies of Botnet:
The architecture of botnets has evolved over time, and not all botnets exhibit the same topology for command and control. Depending upon the topology implemented by the botnet, it may make it more resilient to shutdown, enumeration, or command and control location discovery
- Star
- Multi-server
- Hierarchical
- Random
0 comments:
Post a Comment