Botnet or zombie network

Posted: October 17, 2012 in Glossary
Tags: , ,

BotnetBotnet or zombie network – a network of computers infected with malware that allows an attacker to remotely manage other people’s machines without the knowledge of their owners.

In recent years, botnets have become a stable source of income for cybercriminals. Consistently low costs and minimum knowledge needed to control the botnet, contribute to popularity, and with it the number of botnets. To DDoS-attacks or spam, carried by zombie networks, attackers and their customers earn thousands of dollars.

Botnets are created to make money. There are several areas of commercially viable applications of zombie networks: DDoS-attacks, collecting confidential information, spam, phishing, search engine spam, wrapping click-counters, etc. It should be noted that profit will be any direction, no matter what the attacker has chosen, and botnet can perform all of these activities simultaneously.

Typical Botnet with Zombies

Conducting DDoS-attacks

Conducting DDoS-attacks (DDoS-attack from the English. Distributed Denial-of-Service) – it is an attack on a computer system, such as a web site, the purpose of which is to bring the system to a “fall”, that is the point where she can no longer receive and process requests for legitimate users. One of the most common methods of DDoS-attack – sending multiple requests to a computer or site-sacrifice, which leads to a denial of service if the attacked computer resources are insufficient to handle all the incoming requests. DDoS-attack is a formidable weapon hackers, and botnets – a perfect tool for making them.

DDoS-attacks can be as a means of unfair competition, as well as acts of cyber-terrorism. Host a botnet can be of service to any unscrupulous entrepreneur – to conduct DDoS-attack on the site of its competitor. Attacked resource after the load, “lie”, the customers will get a temporary advantage, and cyber criminals – a modest (or not) reward.

In the same way the owners can use the botnet DDoS-attacks to extort money from large companies. The companies prefer to fulfill the requirements of cybercriminals as successful mitigation of DDoS-attacks is very expensive. For example, in January 2009, one of the largest hosting providers been DDoS-attack, which resulted in thousands of sites hosted on its servers were inaccessible almost daily. Financial losses were huge host.

In February 2007, a series of attacks on the root DNS-servers from work which depends the normal functioning of the entire Internet. It is unlikely that the purpose of these attacks was the collapse of the World Wide Web, because the existence of zombie networks is possible only under the condition that exists and is functioning Internet. Most of all it was like a demonstration of the power and possibilities of zombie networks.

Advertising services for the implementation of DDoS-attacks publicly available on many forums on relevant topics. Prices of attack range from 50 to several thousand dollars per day of continuous operation DDoS-botnet. According to the site, 2008 were held over 190,000 DDoS-attacks, cyber criminals are able to earn about $ 20 million. Naturally, this amount does not include the proceeds of blackmail that is impossible to calculate.

Collection of your Personal Information

Confidential information, which is stored on the user’s computer will always attract intruders. The greatest interest credit card numbers, financial information and passwords to various services: mailboxes, FTP-servers “INSTANT MESSENGER”, etc. In this modern malware could allow attackers to target exactly the data that they are interested – it is enough to download PC corresponding module.

Attackers can either sell stolen information, or use it to your advantage. In many forums on the web every day there are hundreds of ads from bank accounts. Account Cost depends on the amount of money in the account and is from 1 to $ 1,500 per account. The lower bound shows that in the course of competition cybercriminals involved in this kind of business, forced to cut prices. To earn a lot of really, they need a steady stream of fresh data, and this required a steady growth of zombie networks. Particularly interesting financial information carders – attackers involved fake bank cards.

Just how beneficial such operations can be judged by the well-known story of a group of Brazilian cyber criminals, who were arrested two years ago. They were able to withdraw from the bank accounts of ordinary users 4.74 million dollars, using the stolen information from computers. In the acquisition of personal data, not directly related to the money you are interested and criminals engaged in forgery of documents, opening fake bank accounts, a solicitation, etc.

Another type of information is collected botnets e-mail addresses, and, in contrast to the credit card numbers and records, one from the address book of an infected computer can extract a lot of emails. Collected addresses are offered for sale, and sometimes “in bulk” – MBs. The main buyers of such “goods” are spammers. List of a million e-mail-address is from 20 to 100 dollars, and ordered spammers to send to the same address million – $ 150-200. The benefit is obvious.

Criminals are also interesting accounts payable services and various online stores. Certainly, they are less expensive bank accounts, but their implementation is associated with a lower risk of persecution by the police.


Subscribe spamaEzhednevno worldwide cruising millions of spam messages. Unsolicited mail is one of the main features of modern botnets. According to “Kaspersky Lab”, about 80% of all spam is sent via zombie networks. From the computers legitimate users send billions of messages with advertising “Viagra”, copies of expensive watches, online casinos, etc., clogging the channels of communication and mailboxes. Thus hackers jeopardize computers harmless users addresses that is sending, get blacklisted by anti-virus companies.

In recent years, the very scope of services has expanded spam: there ICQ-spam, spam in social networks, forums, blogs. And it is also “merit” botnet owners: it is a snap to add to the bot client add-on that opens new horizons for business with slogans such as “Spam on Facebook. Inexpensive. ” Prices for spam vary depending on the target audience and the number of addresses that is sending. The price range for a targeted mailing – from $ 70 per hundred thousand addresses to 1,000 dollars for a few tens of millions of addresses. Over the past year, spammers sending letters earned about 780 million dollars.

Creating a search engine spam

Another use of botnets – increasing popularity of websites in search engines. Working on search engine optimization, resource managers are trying to increase the position in search results because the higher it is, the more visitors will go to the site through search engines and, consequently, the more revenue the site owner, such as the sale of advertising space on your web pages. Many companies pay webmasters a lot of money, so they brought out a site for the first position in the “search engines”. Botnet owners assembled some of their techniques and automate the process of search engine optimization.

When you see in the comments to his entry in the “Live Journal” or good photos posted in the photo hosting, a lot of links created by an unknown person to you and sometimes your “friends” – do not be surprised: just ordered some promotion of the resource owners botnet. Specially designed program is downloaded to the zombie computer and on behalf of the owner leaves comments on popular resources with links to untwist sites. The average price for the illegal services of search spam – about $ 300 a month.

How much are the personal data

The cost of stolen personal data depends on the country in which they live their rightful owner. For example, complete data resident of the United States are 05.08 dollars. On the black market are especially valued data EU citizens – they are two to three times as much data about the citizens of USA and Canada. This can be explained by the fact that such data criminals can use in any country outside the EU. The average world price of the full package of data on one person is about $ 7.

Means of protection against botnets

1. First of all it antivirus program and a comprehensive package for protection against Internet threats with regularly updated databases. They will not only able to detect danger and eliminate it before it turned into a zombie your faithful “iron friend” will send spam, or “drop” sites. Integrated packages, such as Kaspersky Internet Security 2009, contain a full set of protection functions, which can be controlled through a common command center.

– Antivirus module in the background scans critical system areas and controls all possible ways of invading viruses: e-mail attachments, and potentially dangerous Web sites.

– Firewall monitors the exchange of data between the PC and the Internet. It checks all data packets received from the network, or go there, and if necessary to block network attacks and prevent the secret sending of personal data on the Internet.

– Spam-filter protects the mailbox from penetration advertisements. Its tasks also include identifying phishing emails in which attackers try to extract information about the user to enter their data in online payment and banking systems.

2. Regular updating of the operating system, web browsers and other applications, developers are discovering and eliminating many of the gaps in their protection, as well as weaknesses that are used by hackers.

3. Special programs, cryptographers will protect your personal data, even if the bot has already penetrated the computer, because to access it will have to crack the password.

4. Common sense and caution. If you want to protect your data from all kinds of threats, do not download and install software of unknown origin, to open files with the files despite the warnings antivirus, go to a site that does marked as hazardous, etc.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s