What are Bots, Botnets and Zombies?

News about internet crimes often mentions ’bots’, ’zombies’, and ’botnets’. It’s not hard to figure out from the context that these are computer or network security threats. But what exactly are they, how do they work, and what damage do they cause?

A ’bot’, short for robot, is a type of software application or script that performs tasks on command like indexing a search engine, and they are really good at performing repetitive tasks.

Bad bots perform malicious tasks allowing an attacker to take complete control over an affected computer for the criminal to control remotely. Once infected, these machines may also be referred to as ’zombies’.

Taking over one computer is useful, but the real value to a criminal comes from collecting huge numbers of computers and networking these (a botnet) so they can all be controlled at once and perform large scale malicious acts.

As of August 2011 there are between 100-150 million computers worldwide (out of 600 million PCs on the Internet) infected with bots and under the control of hackers. These computer owners unwittingly put everyone at risk, and most would be shocked to learn that the spam you’re receiving is coming from thousands or even millions of computers just like (and including) theirs. The real owners of those computers can still use them, and they are probably unaware of anything being wrong except perhaps they think their computer seems slow at times.

One botnet, called Rustock, was disabled through collaboration between industry and law enforcement in March of 2011. This botnet had approximately 1 million infected computers networked together, and was capable of sending up to 30 billion spam emails a day.  This botnet was so large that when it was taken down, global spam volumes instantly dropped by 30 percent.

It only takes minutes for an unprotected, internet connected computer to be infected with malicious software and turned into a bot, underscoring the critical need for every computer and smartphone user to have up-to-date security software on all their devices.

Cybercriminals make money from their botnets in several ways:

• They may use the botnets themselves to send spam, phishing, or other scams to trick consumers into giving up their hard earned money. They may also collect information from the bot-infected machines and use it to steal identities, run up loan and purchase charges under the user’s name.
• They may use their botnets to create denial-of-service (DoS) attacks that flood a legitimate service or network with a crushing volume of traffic. The volume may severely slow down the company’s service or network’s ability to respond or it may entirely overwhelm the company’s service or network and shut them down.

Revenue from DoS attacks comes through extortion (pay or have your site taken down) or through payments by groups interested in inflicting damage to a company or network. These groups include "hacktivists" — hackers with political agendas as well as foreign military and intelligence organizations.

• Cybercriminals may also lease their botnets to other criminals who want to send spam, scams, phishing, steal identities, and attack legitimate websites, and networks.

Don’t let your computer become a bot

If you have not installed security software and ensured that it is turned on, and kept up-to-date your machine is likely infected with all kinds of malicious software, including bots. The best protection is to set your anti-virus and anti-spyware programs to automatically update, and to install every patch that your operating system and browser make available.

Even the most up-to-date protection tools cannot protect you from everything; there is still some risk because the developers of malware are always looking for new ways to get around security measures, and there is the risk of infection because of actions you, or another person who used the computer, take.

A common user risk comes through downloading content from unknown sites OR from friends that don’t have up-to-date protections. The intent may not be malicious at all, but if content comes from an unprotected computer it may well be infected. By downloading the content you bring the malicious code past your security checkpoints where they can try to clean the malware off your machine, but they have no way of defending against it being downloaded in the first place. Always use extreme caution when downloading information or files from someone whose computer is not protected