What Is a Botnet and What Can It Do - Detailed Analysis



This is a detailed tutorial on botnets: what a botnet is, why one is created and, thinking like a hacker, what else hackers try to do with one. You have probably heard of a website being under DDoS attack, or of the server hosting a website suddenly crashing. Such things are mostly done using botnets.

Let's start the tutorial.

What is a botnet?

The word botnet comes from "robot network", meaning an organized, automated army of zombies. It can be used to launch DDoS attacks, to flood inboxes with spam, or to spread viruses. The army consists of a large number of compromised computers. These computers are compromised using a trojan that often opens an IRC (Internet Relay Chat) channel and waits for commands from the person who actually controls the botnet, which is why a botnet is called a "zombie army".

In basic terms, bots are automated, or you could say robotic, programs. In this context, bots are computers that can be controlled from an external source through a program installed on them. The attacker gains access to the computers through a virus or other malicious code. Most of the time these computers appear to operate normally even though they are part of the botnet.

Explaining a Zombie Network:

A zombie computer (often shortened to zombie) is a computer connected to the Internet that has been compromised by a cracker, computer virus or trojan horse and can be used to perform malicious tasks of one sort or another under remote direction. Botnets of zombie computers are often used to spread e-mail spam and launch denial-of-service attacks. Most owners of zombie computers are unaware that their system is being used in this way. Because the owner tends to be unaware, these computers are metaphorically compared to zombies. Such computers combine to form a zombie network, and with it the attacker can compromise the large servers of corporations.

A ‘bot’ is a type of malware which allows an attacker to gain complete control over the affected computer. There are literally tens of thousands of computers on the Internet which are infected with some type of ‘bot’ and whose owners don’t even realize it.

History of botnets:

Zombies have been used extensively to send e-mail spam; as of 2005, an estimated 50–80% of all spam worldwide was sent by zombie computers. This allows spammers to avoid detection and presumably reduces their bandwidth costs, since the owners of zombies pay for their own bandwidth. This spam also greatly furthers the spread of Trojan horses; as Trojans, they are not self-replicating. They rely on the movement of e-mails or spam to grow, whereas worms can spread by other means also.

[Figure: botnet scheme]

The benefit of this scheme to the attacker is that he can launch DDoS attacks and host phishing pages, but when a cyber security department investigates, it finds only the zombies, whose owners do not know they are involved, since the zombies are controlled by a third party.

[Figure: botnet attacking anonymously]

Having seen the scheme in the picture I made, you should now have the basic idea.

The cracker or hacker just needs the file to be executed on the victim's computer. He can achieve this with a social engineering trick, e.g. sending it by email, or uploading it to torrents renamed as a recent movie or piece of software that isn't available on the net for free, among many other tricks. All he needs is for the victim to double-click his program so that the computer becomes part of the botnet. The program is also written so that it attaches itself to Windows startup and is activated every time. This can be done with simple scripting or even command-prompt batch files.

So, the use of botnets consists of four major components:

a) Infection of a machine with malicious botnet code.

b) Connection to the command and control channel set up by the attacker.

c) Downloading of a secondary payload on command of the attacker.

d) Performing an attack or additional scanning, gathering information.
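One way a defender can spot step b), as an added example that is not part of the original post: group outbound flow records by destination and report any external IRC server that several internal hosts connect to. The record format, the function names, the port list and the RFC 1918 internal ranges are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumption: the command channel uses the conventional IRC ports.
IRC_PORTS = set(range(6660, 6670)) | {6697}
# Assumption: the monitored network uses RFC 1918 address space.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample flow records: "epoch_seconds src_ip dst_ip dst_port"
SAMPLE_FLOWS = """\
1700000000 10.0.0.21 203.0.113.50 6667
1700000030 10.0.0.34 203.0.113.50 6667
1700000060 10.0.0.58 203.0.113.50 6667
1700000100 10.0.0.21 198.51.100.7 443
1700000200 10.0.0.77 192.0.2.10 6697
1700000300 10.0.0.21 203.0.113.50 6667
1700000400 10.0.0.90 10.0.0.5 6667
1700000500 10.0.0.91 not-an-ip 6667
truncated record
"""

def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)

def parse_flows(text):
    """Yield (src, dst, port) per well-formed record; skip malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            yield (ipaddress.ip_address(parts[1]),
                   ipaddress.ip_address(parts[2]), int(parts[3]))
        except ValueError:
            continue

def suspected_irc_c2(text, min_hosts=3):
    """Map (server, port) -> internal clients when min_hosts or more share it."""
    clients = defaultdict(set)
    for src, dst, port in parse_flows(text):
        if port in IRC_PORTS and is_internal(src) and not is_internal(dst):
            clients[(str(dst), port)].add(str(src))
    return {srv: sorted(h) for srv, h in clients.items() if len(h) >= min_hosts}

if __name__ == "__main__":
    for (server, port), hosts in suspected_irc_c2(SAMPLE_FLOWS).items():
        print(f"{server}:{port} <- {', '.join(hosts)}")
```

A bot that uses a non-standard port or another protocol will not match the port filter; the many-clients-to-one-server grouping is the part that carries over.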

Mobile phones can be vulnerable to such attacks in the same way, as we often synchronize them with computers or update their OS. I think it is possible to harm mobiles too and to steal confidential information as described in the points above. Mobile users must therefore be careful to check the anonymous applications they install.

What can a hacker make a botnet do?

This is an important question, so let's go deeper. I have already mentioned above some of what he can do; here it is described in more detail. A botnet can do anything you can imagine doing with many computers connected in a network.

1- Distributed Denial-of-Service Attacks (DDoS)
2- Spamming
3- Sniffing Traffic & Keylogging
4- Infecting New Hosts
5- Identity Theft
6- Attacking IRC Chat Networks
7- Hosting of Illegal Software
8- Google AdSense Abuse & Advertisement Addons
9- Manipulating online polls
10- Remote use of computers
11- Attacking bank computers (ATMs or any others, since they are also networked)

Yes, of course, these are wide-ranging uses. Often the hacker embeds the .exe file behind an image or a popup announcing that you have won 1lac million dollars. This is fake: they are enticing you to click on the image so that the .exe installs on your computer and makes it part of the botnet.

Distributed Denial-of-Service Attacks (DDoS):
Botnets are frequently used for Distributed Denial of Service attacks. An attacker can control a large number of compromised hosts and servers from a remote workstation, exploiting their bandwidth and sending connection requests to the target host. Many networks have suffered from such attacks, and in some cases the culprits were found among competitors. Twitter was also once under DDoS attack. I have already covered DDoS in "Flood A Website by Ddos: Denial Of Service Attack". Torrents can also be used to achieve this goal; see "Bitorrent as Ddos" for more information.

Spamming:
What will you do if you come to know the source of spam or phishing? You will ban the IP of the attacker, but will that make you safe? No, because today botnets are a hot favourite of spammers, and losing (blocking) one zombie won't greatly affect their attack. A single spam message can be sent to the botnet and then distributed across the bots by the controllers, and the bots send the spam. The spammer stays anonymous and all the blame goes to the infected computers. These spam messages may contain other trojans and programs which will make your computer a zombie too. In other words it is a chain, and if we are smart enough we can recognize it; that is the reason I am making this post.
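Why filtering on content works where blocking one IP does not, as an added example that is not part of the original post: fingerprint each message body after normalizing away per-message details, then group the source IPs that sent the same fingerprint. The function names, the normalization rules and the message tuples are assumptions, and the sample messages are constructed.

```python
import hashlib
import re
from collections import defaultdict

# Constructed sample: (source_ip, message_body)
SAMPLE_MAIL = [
    ("198.51.100.11", "You WON 1,000,000 dollars! Claim at http://a.example/x?id=1831"),
    ("203.0.113.45", "You won 1,000,000 dollars!  Claim at http://b.example/y?id=99"),
    ("192.0.2.200", "you won 1,000,000 dollars! claim at http://c.example/z?id=7"),
    ("198.51.100.11", "Meeting moved to 3pm, see agenda attached."),
    ("192.0.2.9", "Invoice 4471 for March is attached."),
]

def fingerprint(body):
    """Hash the body with case, URLs, digits and spacing normalized away."""
    text = body.lower()
    text = re.sub(r"https?://\S+", "<url>", text)
    text = re.sub(r"\d+", "<n>", text)
    text = re.sub(r"\s+", " ", text).strip()
    return hashlib.sha256(text.encode("utf-8")).hexdigest()[:16]

def campaigns(messages, min_sources=3):
    """Map fingerprint -> source IPs for bodies sent from many distinct IPs."""
    sources = defaultdict(set)
    for ip, body in messages:
        sources[fingerprint(body)].add(ip)
    return {fp: sorted(ips) for fp, ips in sources.items()
            if len(ips) >= min_sources}

def sources_after_block(messages, fp, blocked_ips):
    """Source IPs still sending campaign fp once blocked_ips are dropped."""
    return sorted({ip for ip, body in messages
                   if fingerprint(body) == fp and ip not in blocked_ips})

if __name__ == "__main__":
    for fp, ips in campaigns(SAMPLE_MAIL).items():
        print(fp, "sent from", ips)
        left = sources_after_block(SAMPLE_MAIL, fp, {ips[0]})
        print("after blocking", ips[0], "still arriving from", left)
```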

Keylogging and Sniffing Data Exchange, i.e. Traffic:
Bots can be used to sniff all the data the machine is exchanging, which means the hacker can get your passwords and bank account PIN codes without letting you know what is going on. Sniffing the traffic can therefore tell the hacker a lot about you: what you browse on the internet and what your habits are. As for keyloggers, they log all your keystrokes and send them to the hacker.

Identity Theft:
After getting a lot of information about the victim, the hacker can create fake IDs in his or her name to harm or blackmail the victim. The hacker can do something bad using the victim's ID, and the blame falls on the victim, who has to pay for it.

Attacking IRC Chat Networks:
Botnets are also used for attacks against Internet Relay Chat (IRC) networks, also called clone attacks. In this attack, the controller orders each bot to connect a large number of clones to the victim IRC network. The victim is flooded by service requests from thousands of bots or by thousands of channel-joins from these cloned bots. In this way, the victim IRC network is brought down, similar to a DDoS attack.

Hosting of Illegal Software and Movies:
Since a hacker can control a large number of hosts using bots, these bots can be used to host software and illegal movies, i.e. movies whose copyrights have not been purchased, such as camrips, or which are otherwise illegal or banned in a country. This way the hacker may not be caught and all the blame falls on the server or hosting owners. Since these hosts are all controlled by one controller, it is much easier to host such things.

Google AdSense, Chitika, Infolinks or similar click fraud:
A botnet consists of a large number of zombies (infected computers) connected to the internet, as shown in the figure, each with a different IP address. Chitika, Google AdSense and Infolinks pay per click, so the hacker will use every zombie to click on the ads regularly after a short time. This becomes a great source of income, because the clicks do not come from the same IPs but from different locations or different countries.
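Because each zombie clicks only a few times, a per-IP volume limit sees nothing unusual; what gives the pattern above away is the regular spacing of the clicks. The following added example, which is not part of the original post, flags clients whose gaps between clicks are nearly constant. The log format, the function names and the 0.1 threshold are assumptions, and the sample clicks are constructed.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample ad-click log: (epoch_seconds, client_ip)
SAMPLE_CLICKS = [
    (0, "198.51.100.5"), (300, "198.51.100.5"), (600, "198.51.100.5"),
    (900, "198.51.100.5"), (1200, "198.51.100.5"),
    (10, "203.0.113.9"), (312, "203.0.113.9"), (609, "203.0.113.9"),
    (911, "203.0.113.9"), (1210, "203.0.113.9"),
    (5, "192.0.2.33"), (47, "192.0.2.33"), (900, "192.0.2.33"),
    (2400, "192.0.2.33"), (2460, "192.0.2.33"),
    (100, "192.0.2.80"), (4000, "192.0.2.80"),
]

def interval_cv(timestamps):
    """Coefficient of variation of the gaps between consecutive clicks.

    Returns None when there are fewer than three gaps to judge from.
    """
    ts = sorted(timestamps)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    if len(gaps) < 3 or mean(gaps) == 0:
        return None
    return pstdev(gaps) / mean(gaps)

def timer_driven_clients(clicks, max_cv=0.1):
    """Map client IP -> rounded CV for clients clicking on a near-fixed timer."""
    by_ip = defaultdict(list)
    for ts, ip in clicks:
        by_ip[ip].append(ts)
    flagged = {}
    for ip, ts in by_ip.items():
        cv = interval_cv(ts)
        if cv is not None and cv <= max_cv:
            flagged[ip] = round(cv, 3)
    return flagged

if __name__ == "__main__":
    for ip, cv in sorted(timer_driven_clients(SAMPLE_CLICKS).items()):
        print(f"{ip}: interval CV {cv}")
```

Human click gaps vary widely, so their coefficient of variation is far above the threshold; a bot that randomizes its delay would need a different signal.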

Manipulating Online Polls:
Online polls are getting more and more attention, and it is rather easy to manipulate them with botnets. Since every bot has a distinct IP address, every vote cast looks as though a real person has voted from his laptop or personal computer.