Changes

Line 1: Line 1: −
{{Glossary|
+
'''Botnet Attacks''' involve networks of infected computers controlled by a hacker or "botherder"<ref name="norton">[http://us.norton.com/botnet/ Bots and Botnets—A Growing Threat], Symantec Corporation</ref> without the consent of the computers' owners.<ref name="kasper">[http://usa.kaspersky.com/internet-security-center/threats/botnet-attacks#.Ut269fbTmfQ Botnet Attack Information], Kaspersky Lab</ref><ref name="shadow">[http://www.shadowserver.org/wiki/pmwiki.php/Information/Botnets Botnets], Shadowserver.org</ref> These infected computers can be used in complex cyberattacks, including but not limited to [[Fast Flux]] attacks where the controller uses the botnet to hide his or her location, [[Spam]] attacks, DDOS attacks, and [[Phishing]] attacks, all without the knowledge of the computer's owner.<ref name="norton"/><ref name="shadow"/>
|note  = '''This information is brought to you by<br> [http://dnsseal.wiki/ DNS Seal], a best practices wiki for DNS'''
  −
| logo            = DNS Seal.png
  −
|link          = http://dnsseal.wiki/
  −
}}
     −
'''Botnet Attacks''' involve networks of infected computers controlled by a hacker or "botherder"<ref name="norton">[http://us.norton.com/botnet/ Bots and Botnets—A Growing Threat], Symantec Corporation</ref> remotely and without the consent of the computers' owners.<ref name="kasper">[http://usa.kaspersky.com/internet-security-center/threats/botnet-attacks#.Ut269fbTmfQ Botnet Attack Information], Kaspersky Lab</ref><ref name="shadow">[http://www.shadowserver.org/wiki/pmwiki.php/Information/Botnets Botnets], Shadowserver.org</ref> These infected computers take orders from the botherder and can be used in complex cyberattacks, including but not limited to [[Fast Flux]] attacks where the controller uses the network to hide his or her location, [[Spam]] attacks, and [[Phishing]] attacks without the knowledge of the Internet user.<ref name="norton"/><ref name="shadow"/> The term botnet comes from the combination of robot and network.<ref name="kasper"/> Sometimes botnets are referred to as zombie computers or zombie networks because they infect other computers and act without the knowledge of their owners.<ref name="norton"/><ref name="fbi">[http://www.fbi.gov/news/news_blog/botnets-101 Botnets 101: What They Are and How to Avoid Them] (June 5, 2013), Federal Bureau of Investigation</ref> They can also be hard to detect and shut down once they are established.<ref name="bbc">[http://www.bbc.co.uk/news/technology-25185232 Zombie botnets: Why some crime networks refuse to die] by Mark Ward (January 20, 2014), BBC</ref> For example, when part of the Kelihos botnet was taken down, it reappeared within 4 months.<ref name="sym"/>  
+
The term botnet comes from the combination of robot and network.<ref name="kasper"/> Sometimes botnets are referred to as zombie computers or zombie networks because they infect other computers.<ref name="norton"/><ref name="fbi">[http://www.fbi.gov/news/news_blog/botnets-101 Botnets 101: What They Are and How to Avoid Them] (June 5, 2013), Federal Bureau of Investigation</ref> They can also be hard to detect and shut down once they are established, especially when the average user may not realize they are part of one.<ref name="bbc">[http://www.bbc.co.uk/news/technology-25185232 Zombie botnets: Why some crime networks refuse to die] by Mark Ward (January 20, 2014), BBC</ref> For example, when part of the Kelihos botnet was taken down, it reappeared within 4 months.<ref name="sym"/>  
   −
==Public Perception==
+
==Notorious Botnets==
Botnets are considered by the Internet security community to be a major threat to general security and personal information.<ref name="norton"/><ref name="sophos">[http://www.sophos.com/en-us/medialibrary/PDFs/other/sophos-security-threat-report-2014.pdf Security Threat Report 2014] (PDF), Sophos</ref> Individuals, however, may not be aware that their computers are infected, making botnets an insidious threat.
+
Botnets are considered by the Internet security community to be a major threat to general security and personal information.<ref name="norton"/><ref name="sophos">[http://www.sophos.com/en-us/medialibrary/PDFs/other/sophos-security-threat-report-2014.pdf Security Threat Report 2014] (PDF), Sophos</ref> Individuals, however, may not be aware that their computers are infected, making botnets an insidious threat. Botnet attacks negatively affect the Internet community and many personal users through identity theft, poor computer performance, spam, and [[malware]].
 
+
* Emotet - (identified 2021, 2022); still active; compromised email addresses sending thousands of messages with malware-laden attachments, popularizing thread hijacking<ref>[https://www.spamhaus.org/news/article/812/emotet-email-aftermath Emotet Email Aftermath, SpamHaus News]</ref>
==Outcome==
+
* TrickBot - (2016); banking Trojan that can steal financial details, account credentials, and personally identifiable information<ref>[https://www.cisa.gov/uscert/ncas/alerts/aa21-076a Trickbot Alert, CISA]</ref>
Botnet attacks negatively affect the Internet community and many personal users though identity theft, poor computer performance, spam, and [[malware]].
+
* 3ve - (2018); ad fraud
 +
* Mirai - (2016); first major botnet to infect insecure IoT devices
 +
* Methbot - (2015)
 +
* Mariposa - (2008); took credit card numbers and passwords to accounts on financial services sites using malvertising. Spanish law enforcement brought down the operation when they discovered a record of everyone who paid to rent the network.<ref>[https://www.humansecurity.com/learn/blog/9-of-the-most-notable-botnets Notable Botnets, Human Security Blog]</ref>
 +
* Kraken - (2008); first observed to use evasion techniques to avoid detection by anti-malware software, even when auto-updated.
 +
*Grum - (2012); pharmaceutical spam
 +
*Cutwail - (2007, 2014, 2018); still active
 +
*Storm - (2008); first known peer-to-peer botnets
 +
*EarthLink Spammer - (2000); phishing scams masked as communications from legitimate websites sent by Khan K. Smith
    
==Historical Use==
 
==Historical Use==
*Botherders or controllers frequently target PCs without adequate security protection such as personal home computers with Internet access.<ref name="ss">[http://searchsecurity.techtarget.com/definition/botnet botnet (zombie army)] by Margaret Rouse (February 2012), SearchSecurity.com</ref> Botherders can also create zombie computers by getting an Internet user to unintentionally download malware.<ref name="fbi"/> According to the [[GNSO]]'s Registration Abuse Polices Working Group (RAPWG) report, botnet controllers can use registered or unregistered domains to give infected computers instructions or updates.<ref name="rapwg">[http://gnso.icann.org/en/group-activities/inactive/2011/rap Working Group Final Report; Submitted on May 29, 2010] (PDF), Internet Corporation for Assigned Names and Numbers (ICANN)</ref> If the botnet had been communicating with a certain domain name and the name expires but then is re-registered, the botnet may become active again.<ref name="bbc"/>
+
*Botherders or controllers frequently target PCs without adequate security protection such as personal computers with Internet access.<ref name="ss">[http://searchsecurity.techtarget.com/definition/botnet botnet (zombie army)] by Margaret Rouse (February 2012), SearchSecurity.com</ref> Botherders can also create botnets by getting an Internet user to unintentionally download malware.<ref name="fbi"/> According to the [[GNSO]]'s Registration Abuse Policies Working Group (RAPWG) report, botnet controllers can use registered or unregistered domains to give infected computers instructions or updates.<ref name="rapwg">[http://gnso.icann.org/en/group-activities/inactive/2011/rap Working Group Final Report; Submitted on May 29, 2010] (PDF), Internet Corporation for Assigned Names and Numbers (ICANN)</ref> If the botnet had been communicating via a certain domain name and the name expires, the botnet may disappear temporarily but become active again when the domain is re-registered.<ref name="bbc"/>
    
*According to a BBC news report, 5-10% of all computers are infected and act as part of a botnet.<ref name="bbc"/> Estimates about the relative sizes of botnets vary, starting with botnets as small as a few hundred computers leading up to botnets that exceed 50,000 compromised computers.<ref>[http://www.honeynet.org/node/62 Lessons Learned] (August 10, 2008), The Honeynet Project</ref> Some extensive botnets may have more than half a million infected computers.<ref name="sophos"/>  
 
*According to a BBC news report, 5-10% of all computers are infected and act as part of a botnet.<ref name="bbc"/> Estimates about the relative sizes of botnets vary, starting with botnets as small as a few hundred computers leading up to botnets that exceed 50,000 compromised computers.<ref>[http://www.honeynet.org/node/62 Lessons Learned] (August 10, 2008), The Honeynet Project</ref> Some extensive botnets may have more than half a million infected computers.<ref name="sophos"/>  
   −
*As stated in previous sections, botnets can be used in multiple ways that threaten Internet users. For example, botnets can relay information from individual computers back to the botherder by using keylogging software. This information, including passwords or credit card or bank account numbers, can then be used by the network controller.<ref name="ss"/> Botnets can also be used in Disbtrubed Denial of Service (DDoS) attacks, <ref name="ss"/> fast flux attacks, phishing attacks, spam campaigns,<ref name="kasper"/> identity theft, clickfraud, and distributing malware.<ref name="norton"/><ref>[http://www.honeynet.org/node/52 Uses of botnets] (August 10, 2008), The Honeynet Project</ref> Botnets can also affect mobile devices and phones, and a Symantec report stated that a botnet infected mobile app has generated anywhere from $1,600 to $9,000 per day.<ref name="sym">[http://www.symantec.com/security_response/publications/threatreport.jsp 2013 Internet Security Report, Vol. 18] (PDF), Symantec Corporation</ref>
+
*Botnets can be used in multiple ways that threaten Internet users. For example, botnets can relay information from individual computers back to the botherder by using keylogging software. This information, including passwords, credit cards, or bank account numbers, can then be used by the network controller.<ref name="ss"/> Botnets can also be used in Distributed Denial of Service (DDoS) attacks, <ref name="ss"/> fast flux attacks, phishing attacks, spam campaigns,<ref name="kasper"/> identity theft, clickfraud, and distributing malware.<ref name="norton"/><ref>[http://www.honeynet.org/node/52 Uses of botnets] (August 10, 2008), The Honeynet Project</ref> Botnets can also affect mobile devices and phones, and a Symantec report stated that a botnet infected mobile app has generated anywhere from $1,600 to $9,000 per day.<ref name="sym">[http://www.symantec.com/security_response/publications/threatreport.jsp 2013 Internet Security Report, Vol. 18] (PDF), Symantec Corporation</ref>
    
*In 2014, the FBI in collaboration with law enforcement officials from multiple countries "disrupted" the Gameover Zeus botnet, which has allegedly been responsible for $100 million in losses.<ref name="gameover">http://www.pcworld.com/article/2357820/law-enforcement-agencies-disrupt-gamover-zeus-botnet.html by Grant Gross (June 2, 2014) PCWorld</ref> This botnet is believed to comprise anywhere from 500,000 to 1 million computers.<ref name="gameover"/> The operator of this botnet could face bank fraud, [[Wire Fraud Statute| wire fraud]], conspiracy, and [[Computer Fraud and Abuse Act| computer hacking]] charges.<ref name="gameover"/>
 
*In 2014, the FBI in collaboration with law enforcement officials from multiple countries "disrupted" the Gameover Zeus botnet, which has allegedly been responsible for $100 million in losses.<ref name="gameover">http://www.pcworld.com/article/2357820/law-enforcement-agencies-disrupt-gamover-zeus-botnet.html by Grant Gross (June 2, 2014) PCWorld</ref> This botnet is believed to comprise anywhere from 500,000 to 1 million computers.<ref name="gameover"/> The operator of this botnet could face bank fraud, [[Wire Fraud Statute| wire fraud]], conspiracy, and [[Computer Fraud and Abuse Act| computer hacking]] charges.<ref name="gameover"/>
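Review bot: Most of the new "Notorious Botnets" bullets carry no citation: 3ve, Mirai, Methbot, Kraken, Grum, Cutwail, Storm and EarthLink Spammer have no ref tag, while the rest of the article sources each claim. The "first" claims need one most ("first major botnet to infect insecure IoT devices", "first observed to use evasion techniques", "first known peer-to-peer botnets"). Methbot has a year but no description, and "still active" on Emotet and Cutwail should carry an "as of" date so it does not go stale. The ==Notorious Botnets== heading also now sits directly above the general paragraph beginning "Botnets are considered by the Internet security community", which is not about any specific botnet; move that paragraph into the lead or give it its own heading. The list would read better in chronological order with consistent bullet spacing ("* Kraken" vs "*Grum"), and the lead's "DDOS attacks" should match the "Distributed Denial of Service (DDoS)" form used further down.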
Line 51: Line 55:  
<references/>
 
<references/>
   −
[[Category:Bad Practice]]
+
[[Category:DNS Abuse]]
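Review bot: The category change at the end of the page drops [[Category:Bad Practice]] outright instead of adding [[Category:DNS Abuse]] next to it. The only DNS-specific material in the article is the [[Fast Flux]] link and the RAPWG sentence on registered, unregistered and re-registered domains, while the rest covers spam, phishing, DDoS, keylogging and click fraud. Confirm that the narrower category is meant to be the sole one, or keep both so the page stays reachable from the broader listing.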