The term "botnet" may be used to describe virtually any group of bots, but it is most commonly used to describe a group of computers that have had their security compromised (also known as zombie computers) and are running programs installed by malicious worms, backdoors, or Trojans under a command and control infrastructure. So how do these groups of computers go from functioning normally to turning into botnets?
Initially, a botnet operator distributes viruses or worms that infect the computers of ordinary users and result in the installation of a malicious program, also known as the "bot". The bot then logs into a particular IRC or web server, also known as the command and control center (C&C). The operator rinses and repeats this process, and soon has an entire network of zombie computers, or a botnet. These groups of stolen resources can be very valuable to spammers, who may buy the botnet from the operator and use it for spamming purposes. For instance, the spammer can send instructions to the infected PCs, causing them to send out spam messages in huge volumes that could not be achieved from one machine.
The most common types of exploitative uses of botnets include:
Launching distributed denial-of-service attacks (DDoS attacks), which are attacks that send an extremely large number of requests to a server, causing it to become overloaded and in some cases shut down entirely.
Creation and/or misuse of SMTP mail relays
Click Fraud (which involves the exploitation of pay-per-click advertising models)
Theft of application serial numbers, login IDs, passwords, and private financial information like credit card and banking numbers.
There is an entire online community of botnet creators and controllers who are constantly in competition with each other to achieve the highest number of bots, hijack the most bandwidth, and secure the most valuable infected machines, such as official university, corporate, and even government-owned machines.
So how do you know if your computer has been unfortunate enough to have its security compromised and has become a zombie in a botnet? The fact of the matter is that millions of computers are infected and being used as part of a botnet, and the owners of those machines have absolutely no idea. The payload programs that botnets depend on, installed via worms, Trojans, or backdoors, are specifically designed to avoid detection, thus maximizing the lifespan of the zombie computer, which is in the best interests of the botnet operator and his clients.
There are programs that you can download and install that will monitor your PC and check for any suspicious activity indicative of a botnet scenario. RUBotted is one such program, and it is distributed as freeware. If you have even the slightest suspicion that your computer may be infected and being used as a zombie, it is highly recommended that you install such a program to diagnose your PC.
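The kind of check a monitoring tool can run is sketched below as an added example. It is not from the original article and is not RUBotted's code. It scans connection records for the two behaviours described above: a process contacting an IRC server, and a process contacting many mail servers in a short time. The record format, port list, thresholds, and process names are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Conventional IRC ports. A bot can use any port, so this is only a heuristic,
# and a legitimate IRC client will match it too.
IRC_PORTS = set(range(6660, 6670)) | {6697, 7000}
SMTP_PORT = 25
SMTP_FANOUT_LIMIT = 5          # assumed: max distinct mail servers per window
WINDOW = timedelta(minutes=1)  # assumed sliding-window length

# Constructed sample records: "<ISO time> <process> <remote IP> <remote port>"
SAMPLE_LOG = "\n".join([
    "2024-01-01T10:00:00 browser.exe 203.0.113.10 443",
    "2024-01-01T10:00:05 updater.exe 198.51.100.7 6667",
    "2024-01-01T10:05:00 mailclient.exe 192.0.2.25 25",
    "not a connection record",
] + [f"2024-01-01T10:01:{i:02d} updater.exe 192.0.2.{i} 25" for i in range(1, 9)])

def parse(log):
    """Yield (time, process, remote_ip, port); skip malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            ts, port = datetime.fromisoformat(parts[0]), int(parts[3])
        except ValueError:
            continue
        yield ts, parts[1], parts[2], port

def find_suspicious(log):
    """Map process name -> sorted list of reasons it looks bot-like."""
    findings = defaultdict(set)
    smtp = defaultdict(list)  # process -> [(time, remote_ip)]
    for ts, proc, ip, port in parse(log):
        if port in IRC_PORTS:
            findings[proc].add("irc")
        elif port == SMTP_PORT:
            smtp[proc].append((ts, ip))
    for proc, events in smtp.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window until it spans at most WINDOW of time.
            while events[end][0] - events[start][0] > WINDOW:
                start += 1
            if len({ip for _, ip in events[start:end + 1]}) > SMTP_FANOUT_LIMIT:
                findings[proc].add("smtp-fanout")
                break
    return {proc: sorted(reasons) for proc, reasons in findings.items()}
```

A finding here is a reason to investigate the named process, not proof of infection.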
Aside from using software to determine if your computer is infected, there are several signs you should be on the lookout for. Unusually slow performance may be a telltale sign that your system has been compromised. Strange error messages may also be warnings that you should take into account, along with any other unusual activity on your PC. If you receive an error message that you are unfamiliar with or cannot explain, it might be a good idea to do a Google search of that exact string of words and see what comes up. If it is indeed the product of a botnet infection, you will likely find information related to it posted by other users who have had the bad luck of encountering it.
Keep in mind that these types of viruses generally do not disable your computer, as they actually depend on the functionality of their host computers to maintain their value to the operator. Just because your computer is running and allowing you to access the internet should never be taken as a sign that your computer can be ruled out as a zombie.