Crimeware: Bots

What's a Bot?

"Bot" is actually short for robot – not the kind found in science fiction movies or on the production line in a manufacturing business. Bots are one of the most sophisticated types of crimeware facing the Internet today. Bots are similar to worms and Trojans, but earn their unique name by performing a wide variety of automated tasks on behalf of their master (the cybercriminals) who are often safely located somewhere far across the Internet. Tasks that bots can perform run the gamut from sending spam to blasting Web sites off the Internet as part of a coordinated "denial-of-service" attack. Since a bot infected computer does the bidding of its master, many people refer to these victim machines as "zombies."

Bots sneak onto a person's computer in many ways. Bots often spread themselves across the Internet by searching for vulnerable, unprotected computers to infect. When they find an exposed computer, they quickly infect the machine and then report back to their master. Their goal is then to stay hidden until they are awoken by their master to perform a task. Bots are so quiet that sometimes the victims first learn of them when their Internet Service Provider tells them that their computer has been spamming other Internet users. Sometimes a bot will even clean up the infected machine to make sure it does not get bumped off of the victim's computer by another cybercriminal's bot. Other ways in which a bot infects a machine include being downloaded by a Trojan, being installed by a malicious Web site, or being emailed directly to a person from an already infected machine.

Bots do not work alone, but are part of a network of infected machines called a "botnet." Botnets are created by attackers repeatedly infecting victim computers using one or several of the techniques mentioned above. Each one of the zombie machines is controlled by a master computer called the command and control server. From the command and control server, the cybercriminals manage their botnets and instruct the army of zombie computers to work on their behalf. A botnet is typically composed of a large number of victim machines that stretch across the globe, from the Far East to the United States. Some botnets might have a few hundred or a couple thousand computers, but others have tens and even hundreds of thousands of zombies at their disposal.

Flash Demo: Bots

An animated overview of how bots and botnets work, as well as how they are used to commit cybercrime.