Introduction of Botnet in Computer Networks
Network of compromised computers are called botnet. Compromised computers are also called as Zombies or bots.
These software are mostly written in C++ & C.
Attention reader! Don’t stop learning now. Get hold of all the important CS Theory concepts for SDE interviews with the CS Theory Course at a student-friendly price and become industry ready.
It all starts with the dark side of the internet which introduced new kind of Crime called Cybercrime Among the malware (malicious software) botnet is a most widespread and serious threat.Several large institutions, government organizations, almost every social networking websites Facebook, Twitter, Instagram etc, e-commerce website Amazon, Flipkart etc, in short, every firm associated with internet became the victim of this malware. The funniest part about this kind of malicious software is that it is freely available in the market for the lease. It can be used in DDoS attacks (Smurf attack), Phishing, Extortion etc.
How it Works:
Either you write code to build software or use it from the available (Leaked) botnet like ZEUS Botnet(king of all botnet), Mirai botnet, BASHLITE etc. then find the vulnerable system where you can install this software through some means like social engineering (e.g Phishing) soon that system becomes a part of bot army. Those who control it called as the botmaster which communicates its bot army using command and control channel.
At first, those who want to be botmaster finds the target system (here target system means finding the vulnerable system), then use popular social engineering techniques like phishing, click fraud etc to install small (Kbs) executable file into it. A small patch has been included in the code which made it not visible even with all the running background process. A naive user won’t even come to know that his/her system became the part of a bot army. After infection, bot looks for the channel through which it can communicate with its master. Mostly Channel (command and Control channel) uses the existing protocol to request for the command and receive updates from the master, so that if anyone tries to look at the traffic behavior then it will be quite difficult to figure it out.
Botmaster used to write scripts to run an executable file on different OS.
For Windows: Batch Program For Linux: BASH Program
Following are the major things can be performed on bots:
Botmaster can inject snippet of code to any secured website which bot used to visit.
Here on using a special symbol like:”!” for bypass specific domain,”@” for the screenshot are used.
Redirection of the webpage can be done here.
Assign any IP to any domain which master wants to route of the bot family.
Types of Botnet: Based on Channel:
- Internet Relay Chat (IRC) Botnet:
Internet Relay Chat (IRC) acts as the C&C Channel.Bots receive commands from a centralized IRC server. A command is in the form of a normal chat message.
Limitation: Entire botnet can be collapsed by simply shutting down the IRC Server.
- Peer-to-Peer (P2P) Botnet:
Formed using the P2P protocols and decentralized network of nodes.
Very difficult to shut down due to its decentralized structure. Each P2P bot can act both as the client and the server. The bots frequently communicate with each other and send “keep alive” messages.
Limitation:Has a higher latency for data transmission.
- Hyper Text Transfer Protocol (HTTP) Botnet:
Centralized structure, using HTTP protocol to hide their activities.Bots use specific URL or IP address to connect to the C&C Server, at regular intervals. Unlike IRC bots, HTTP bots periodically visit C&C server to get updates or new commands.
Botnet Lifecycle can be understood using the following stages:
This is a brief introduction of the botnet.