Botnet: Difference between revisions

From Citizendium
imported>Sandy Harris
No edit summary
imported>Sandy Harris
No edit summary
Line 3: Line 3:
A '''botnet''', from "robot network", is a set of compromised machines, called '''zombies''', which can collectively perform tasks for the '''bot herder'''.
A '''botnet''', from "robot network", is a set of compromised machines, called '''zombies''', which can collectively perform tasks for the '''bot herder'''.


Machines may be taken over in a variety of ways. [[trojan (computers) | Trojan horse]] programs in games or pornography are used. Some [[virus (computers) | viruses]] make the victim computer part of a botnet. A famous example was the Storm botnet [http://www.schneier.com/blog/archives/2007/10/the_storm_worm.html], spread mainly by email messages. Some web sites include [[malware | malicious code]] which attempts to subvert visitors' machines.
Machines may be taken over in a variety of ways. [[trojan (computers) | Trojan horse]] programs in games or pornography are used. Some [[virus (computers) | viruses]] make the victim computer part of a botnet. A famous example was the Storm botnet [http://www.schneier.com/blog/archives/2007/10/the_storm_worm.html], spread mainly by email messages. Some web sites include [[malware | malicious code]] which attempts to subvert visitors' machines. These methods can be combined; downloaded malware might scan the victim's address book and try to spread further via email or [[instant messaging].  


However, the larger botnets are built by actively '''scanning for insecure machines'''. Any computer can be attacked in this way, but one target is common enough and often insecure enough to be the favorite. The attacker looks up the IP address ranges used for [[ADSL]] or other [[broadband]] Internet service; any machine he can compromise there will have a good enough net connection to be quite useful to him. Most are home machines, often not set up for secure operation and not protected by firewalls. He then scans those IP addresses looking for Windows machines that have not installed Microsoft's security updates and are therefore vulnerable to known attacks.
Botnets can also be built by actively '''scanning for insecure machines'''. Any computer can be attacked in this way, but one target is common enough and often insecure enough to be the favorite. The attacker looks up the IP address ranges used for [[ADSL]] or other [[broadband]] Internet service; any machine he can compromise there will have a good enough net connection to be quite useful to him. Most are home machines, often not set up for secure operation and not protected by firewalls. He then scans those IP addresses looking for Windows machines that have not installed Microsoft's security updates and are therefore vulnerable to known attacks.


Several simple defenses can greatly reduce the risk of a home machine becoming part of a botnet. Simply doing Windows updates prevents many of the attacks used. A cheap off-the-shelf [[Router#Small_and_home_office | router]] provides some firewall protection between your machine and the net, and has other benefits such as allowing multiple machines to share a connection. Checking your Windows network settings to ensure that you are not allowing shares to arbitrary people can block some attacks.
Several simple defenses can greatly reduce the risk of a home machine becoming part of a botnet. Simply doing Windows updates prevents many of the attacks used. A cheap off-the-shelf [[Router#Small_and_home_office | router]] provides some firewall protection between your machine and the net, and has other benefits such as allowing multiple machines to share a connection. Checking your Windows network settings to ensure that you are not allowing shares to arbitrary people can block some attacks.


The main applications of botnets are to perpetrate various sorts of net.evil, such as conducting [[distributed denial of service]] attacks and sending [[unsolicited email | spam]].
The main applications of botnets are to perpetrate various sorts of net.evil, such as conducting [[distributed denial of service]] attacks and sending [[unsolicited email | spam]].
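Review bot: the sentence added at the end of the "Machines may be taken over" paragraph opens its link with `[[instant messaging` but closes it with a single `]`, so the wikilink is malformed and the stray brackets appear in the rendered revision; close it as `[[instant messaging]]` and drop the two trailing spaces after the period. In the scanning paragraph, replacing "However, the larger botnets are built by" with "Botnets can also be built by" removes the statement about which method builds the larger botnets, and with "No edit summary" on the revision a one-line summary saying whether that was intended would help.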

Revision as of 20:56, 3 March 2010

This article is a stub and thus not approved.
This editable Main Article is under development and subject to a disclaimer.

A botnet, from "robot network", is a set of compromised machines, called zombies, which can collectively perform tasks for the bot herder.

Machines may be taken over in a variety of ways. Trojan horse programs in games or pornography are used. Some viruses make the victim computer part of a botnet. A famous example was the Storm botnet [1], spread mainly by email messages. Some web sites include malicious code which attempts to subvert visitors' machines. These methods can be combined; downloaded malware might scan the victim's address book and try to spread further via email or instant messaging.

Botnets can also be built by actively scanning for insecure machines. Any computer can be attacked in this way, but one target is common enough and often insecure enough to be the favorite. The attacker looks up the IP address ranges used for ADSL or other broadband Internet service; any machine he can compromise there will have a good enough net connection to be quite useful to him. Most are home machines, often not set up for secure operation and not protected by firewalls. He then scans those IP addresses looking for Windows machines that have not installed Microsoft's security updates and are therefore vulnerable to known attacks.

Several simple defenses can greatly reduce the risk of a home machine becoming part of a botnet. Simply doing Windows updates prevents many of the attacks used. A cheap off-the-shelf router provides some firewall protection between your machine and the net, and has other benefits such as allowing multiple machines to share a connection. Checking your Windows network settings to ensure that you are not allowing shares to arbitrary people can block some attacks.
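The checks described above can be run as a short audit on the machine itself. The following PowerShell is an added example, not part of the article; the function name, the 45-day update threshold and the list of "arbitrary people" account names are assumptions, and the host firewall check stands in for the router, which cannot be inspected from the PC.

```powershell
# Added example (not from the article). Run in an elevated PowerShell session.
# Assumes Windows 8 / Server 2012 or later and English account names.

function Get-HomeHardeningFindings {
    param(
        [int]$MaxUpdateAgeDays = 45   # assumed threshold, not from the article
    )

    # 1. Windows updates: report if nothing has been installed recently.
    $latest = Get-HotFix | Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending | Select-Object -First 1
    if (-not $latest) {
        "UPDATES: Get-HotFix reports no dated updates"
    } elseif (((Get-Date) - $latest.InstalledOn).TotalDays -gt $MaxUpdateAgeDays) {
        "UPDATES: newest update $($latest.HotFixID) is from $($latest.InstalledOn.ToString('yyyy-MM-dd'))"
    }

    # 2. Firewall: every profile of the host firewall should be enabled,
    #    whether or not a router also sits in front of the machine.
    Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' } | ForEach-Object {
        "FIREWALL: profile '$($_.Name)' is not enabled"
    }

    # 3. Shares: flag user-created shares that allow access to broad principals.
    #    Administrative shares (C$, ADMIN$, IPC$) are skipped via the Special flag.
    $broad = 'Everyone', 'ANONYMOUS LOGON', 'Guest', 'Guests'
    Get-SmbShare | Where-Object { -not $_.Special } | ForEach-Object {
        $share = $_
        Get-SmbShareAccess -Name $share.Name | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $broad -contains ($_.AccountName -replace '^.*\\', '')
        } | ForEach-Object {
            "SHARE: '$($share.Name)' ($($share.Path)) grants $($_.AccessRight) to $($_.AccountName)"
        }
    }
}

$findings = @(Get-HomeHardeningFindings)
if ($findings.Count -eq 0) { "No findings." } else { $findings }
```

On a non-English installation the built-in account names are localized, so the `$broad` list has to be adjusted before the share check is meaningful.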

The main applications of botnets are to perpetrate various sorts of net.evil, such as conducting distributed denial of service attacks and sending spam.