This paper provides a summary of the incidents, impacts and threats caused by botnets. A botnet is a network made up of hijacked computers, which are also referred to as bots or zombies. The owners of the captured systems are not aware of the situation, and as such the files and resources on their computers are accessed by crackers (Christian 2009).
The malware that is installed on the bots takes control of the command-and-control (C&C) server connections, and as such they cannot be connected automatically to the C&C server. The botnet is controlled between the bot, which is at the client side, and the C&C, which is at the server side. The protocols used to connect include Internet Relay Chat (IRC), Hypertext Transfer Protocol (HTTP) and more (Christian 2009).
Botnets are very dangerous because, once they have been created, the law does not have provisions that allow for their remote destruction. As such, bots cannot be destroyed easily. Further, destruction of the bots may lead to criminal liability, because the owner should be contacted to give permission for the destruction (Christian 2009). A botnet is extended when a malware program is installed on systems that do not yet have a connection to the botnet, and in this way a lot of computers come under its control. The bots are spread through emails, downloads, exploits and manual installation (Christian 2009).
Botnets are controlled through Internet Relay Chat (IRC), instant messaging (IM), the web (HTTPs) or peer-to-peer (P-P) controls. With IRC, orders are sent to the zombies through an IRC channel. IM uses services such as ICQ, AOL and MSN; however, these are not popular because of their slowness. Web-based control is at a first phase of development, and it functions by connecting the bots to a web server. Peer-to-peer control does not require a C&C server because every zombie has a connection to other bots in the network (Christian 2009).
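Each control channel described above leaves a different shape in connection logs. The following is an added example, not taken from the summarized paper, that triages flow records for three of those shapes; the port numbers, thresholds, function names and flow records are all assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

IRC_PORTS = {6667}     # assumption: common default IRC port
WEB_PORTS = {80, 443}  # assumption: default HTTP/HTTPS ports

# Constructed flow records: (epoch seconds, source, destination, destination port)
FLOWS = [
    (0, "10.0.0.5", "203.0.113.10", 6667),
    (4, "10.0.0.6", "203.0.113.10", 6667),
    (9, "10.0.0.7", "203.0.113.10", 6667),
    (0, "10.0.0.8", "198.51.100.20", 443),
    (300, "10.0.0.8", "198.51.100.20", 443),
    (601, "10.0.0.8", "198.51.100.20", 443),
    (10, "10.0.0.9", "198.51.100.30", 443),
    (55, "10.0.0.9", "198.51.100.30", 443),
    (700, "10.0.0.9", "198.51.100.30", 443),
    (20, "10.0.1.1", "10.0.1.2", 40000),
    (21, "10.0.1.2", "10.0.1.3", 40000),
    (22, "10.0.1.3", "10.0.1.1", 40000),
]

def irc_fan_in(flows, min_hosts=3):
    """IRC-style control: many internal hosts connected to one IRC server."""
    clients = defaultdict(set)
    for _, src, dst, port in flows:
        if port in IRC_PORTS:
            clients[dst].add(src)
    return {dst for dst, srcs in clients.items() if len(srcs) >= min_hosts}

def web_pollers(flows, min_requests=3, max_jitter=0.1):
    """Web-style control: one host contacting one server at near-constant intervals."""
    times = defaultdict(list)
    for ts, src, dst, port in sorted(flows):  # sorted by timestamp first
        if port in WEB_PORTS:
            times[(src, dst)].append(ts)
    hits = set()
    for pair, stamps in times.items():
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        if len(stamps) >= min_requests and pstdev(gaps) <= max_jitter * mean(gaps):
            hits.add(pair)
    return hits

def p2p_members(flows):
    """Peer-to-peer control: hosts that both open and accept connections on one port."""
    senders, receivers = defaultdict(set), defaultdict(set)
    for _, src, dst, port in flows:
        senders[port].add(src)
        receivers[port].add(dst)
    return {h for port in senders for h in senders[port] & receivers[port]}
```

Every result is a candidate for review rather than a verdict, since legitimate services can produce the same shapes.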
Botnets serve many purposes, most of which are criminal, such as launching DDoS attacks and sending spam. Botnets are also used for other activities, such as cyber extortion, creating anonymous internet connections, conducting illegal file transfers, sniffing traffic, key logging and brute forcing, among other criminal activities (Christian 2009).
Botnets were first discovered in 1998, and the malware tools that were prevalent then were BackOrifice and NetBus. These tools controlled the infected computers remotely. A malware tool was discovered in 2000 that could control two or more computers simultaneously. Later, botnets that could use the IRC protocol were introduced. Further, the C&C servers use the Internet and other web technologies such as HTTP (Christian 2009).
The Storm bot is very popular, and it was discovered in 2007. Its design enables it to safeguard itself from various threats. The Storm bot has many versions, all of which were released within a short span of time. The Storm bot has approximately 50,000 to 10 million zombies that are controlled by criminals (Christian 2009).
The Conficker bot can break into military systems, and it spread through a security hole in Windows systems. The bot runs code on the victim’s systems remotely. It spread to other computers through network shares and through external HDDs and USB sticks. Botnets are likely to become more dangerous in the future. Therefore, the necessary measures should be undertaken to prevent the spread of the malware across systems (Christian 2009).
Christian Matthias Fulz. 2009. Impacts, threats and incidents caused by Botnets. University of Applied Sciences,