A BOT World!

  •  Dec 12, 2013

The Zeus botnet aims to make machines behave as spying agents with the intent of getting financial benefits

I usually spend a lot of time reading about security, especially bots, their in-built modularity and taxonomy. A casual glance at the headlines of popular IT publications will reveal that the security community and society at large are often in a twist about the overwhelming onslaught of bots or zombies.

Valuable assets!

But what is a bot? It is a piece of code (classified under malware due to its differential payload capabilities) which allows an attacker to gain complete control of an infected computer. The term botnet is used to define a network of infected personal computers that are under the control of a human operator commonly known as a bot-master.

Bots originated as a useful method for carrying out repetitive and time-consuming operations. One would be surprised to learn that botnets are created, nurtured and treated as valuable assets by their owners (bot-herders), who make money by hiring them out to other cyber criminals and to a potential user community, leading to offensives such as phishing attacks, spam attacks, identity theft, click fraud and the distribution of scam emails.

The hiring is similar to providing an empty house, a partially furnished house, or a fully furnished house to a prospective buyer. In a scenario where the security systems are changing continuously, without any control, these details and initiate the transfer. Botnets make use of some well-defined network communication protocols which, more importantly, include the IRC protocol.

Generally, the Zeus botnet aims to make machines behave as spying agents with the intent of getting financial benefits.

The Zeus malware has the ability to log inputs that are entered by the user as well as to capture and alter data that are displayed on webpages. For example, fake Internet postcards circulating through email inboxes worldwide are carrying links to the virus known as Zeus Bot, said Gary Warner, Director of Computer Forensics at the University of Alabama in Birmingham (UAB).

A virtual machine in Amazon's EC2 cloud has been used as a command and control host for a password-stealing version of Zeus, says a senior researcher in the Internet Security Intelligence Initiative, part of CA's security unit.

Botnets also use the HTTP protocol and other protocols such as IM and P2P. Some bots, such as BlackEnergy, Rustock and clickbot.A, rely on the HTTP protocol because it makes the bot harder to detect: HTTP traffic is generally allowed by most network policies, and the bot exploits this. Other types of botnets do not rely on centralised command and control mechanisms and use distributed control techniques to avoid the single point of failure problem. Zeus remains a robust botnet network, which is difficult to destroy, in spite of international sting operations.

One can even use the Zeus crimeware toolkit to personalise one's own copy of the Zeus bot. The toolkit is a set of programmes available to set up a bot over a high-scaled networked infrastructure. In fact, the criminal ecosystem has become so sophisticated that the toolkit has introduced a hardware-based product activation scheme similar to what's found in Microsoft Windows for anti-piracy control!



The author is a CTO and Chief Consultant, Gemini Communication
