Zombie armies aren’t just invading movie screens these days. They’re also taking over the Internet in the form of massive botnets.
A botnet is an army of computers, all infected with the same malware, that gives a bot herder remote control over them without their owners’ knowledge. From a command-and-control server, the bot herder can send instructions to the whole network of machines: siphoning credit card numbers and banking credentials from them, or using them to launch DDoS attacks against web sites, deliver spam and other malware to victims, or conduct advertising click fraud.
Botnets came up this month in a Senate Judiciary hearing with FBI Director James Comey. Senator Sheldon Whitehouse, who has previously likened botnets to weeds that do “evil things,” asked Comey for his assessment of one of the Internet’s biggest scourges, and Comey replied that there was no such thing as a “good botnet.”
“Whether they’re coming at you or whether they’re standing still, it’s bad,” Comey replied. “I don’t know of a good purpose for an army of zombies.”
Botnets have been around for more than a decade and have become one of the most popular methods attackers use to hijack machines and make quick money. The security industry estimates that botnets, over time, have resulted in more than $110 billion in losses to victims globally. An estimated 500 million computers fall prey to botnet attackers annually, which comes down to about 18 victims infected per second.
The Morris worm, unleashed in 1988, is sometimes cited as the first botnet. But although that worm infected thousands of computers on the ARPAnet, the precursor to the Internet, it was not truly a botnet in the way we define such networks today. Robert Morris, Jr., who launched the worm, didn’t control the infected machines and never earned a penny from his operation; instead his worm simply spread uncontrollably.
Today’s botnets are well-oiled criminal enterprises often composed of millions of infected machines that can earn a bot herder or his customers millions of dollars.
Coreflood, for example, was a popular botnet that held strong for nearly a decade before law enforcement crippled it in 2011. One Coreflood control server seized by authorities commandeered more than 2 million infected machines and in a single year amassed more than 190 gigabytes of data from victim computers. The botnet allowed criminals to loot millions from victims, including $115,000 from the account of a real estate company in Michigan and $78,000 from a South Carolina law firm.