Things You Need to Know About Botnets

A botnet may be small or large, depending on the complexity of the malware running on the infected machines.

There are accounts of large botnets comprising tens of thousands of individual machines acting as one for the sole benefit of the botmaster. Smaller botnets can range from hundreds to a thousand drones. Most computer users do not realize that they are part of a botnet until visible symptoms of infection appear.

Malicious botnets rely on Internet Relay Chat (IRC) bots. IRC is a form of real-time communication over the Internet, designed mostly for group communication. Unlike instant messaging, IRC allows one-to-many communication in channels (a kind of discussion forum). There are a great many types of IRC-based bots, ranging from extremely simple experiments to highly sophisticated tools. Regardless of their sophistication, they always join a specific IRC channel on an IRC server and wait there for commands from the botmaster. Some complex IRC bots also have their own spreading routines, which allow them to infect other computers connected to the Internet in much the same way worms do.
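The join-and-wait behaviour described above can be turned into a simple detection heuristic, shown here as an added example that is not part of the original article: flag internal hosts that join an IRC channel, receive messages there, and never speak. The record format, host addresses, channel names and the `min_inbound` threshold are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: (internal host, direction, raw IRC line) as a plaintext
# IRC session might appear in a proxy or packet capture. All values are made up.
SAMPLE = [
    ("10.0.0.21", "out", "NICK xk3921"),
    ("10.0.0.21", "out", "USER xk3921 0 * :xk3921"),
    ("10.0.0.21", "out", "JOIN #chan-a"),
    ("10.0.0.21", "in",  ":op!u@example.net PRIVMSG #chan-a :status"),
    ("10.0.0.21", "in",  ":op!u@example.net PRIVMSG #chan-a :status"),
    ("10.0.0.34", "out", "NICK alice"),
    ("10.0.0.34", "out", "JOIN #helpdesk"),
    ("10.0.0.34", "in",  ":bob!b@example.org PRIVMSG #helpdesk :anyone around?"),
    ("10.0.0.34", "out", "PRIVMSG #helpdesk :yes, what's up?"),
]

def parse_irc(line):
    """Split an RFC 1459 style line into (command, params); the prefix is dropped."""
    if line.startswith(":"):
        _, _, line = line.partition(" ")
    head, _, trailing = line.partition(" :")
    parts = head.split()
    if not parts:
        return "", []
    params = parts[1:] + ([trailing] if trailing else [])
    return parts[0].upper(), params

def silent_listeners(records, min_inbound=2):
    """Return (host, channel) pairs where the host joined the channel, received
    at least min_inbound channel messages, and never sent one itself."""
    joined = defaultdict(set)   # host -> channels joined
    heard = defaultdict(int)    # (host, channel) -> inbound message count
    spoke = set()               # (host, channel) pairs with outbound messages
    for host, direction, raw in records:
        cmd, params = parse_irc(raw)
        if not params:
            continue
        chan = params[0].lower()
        if cmd == "JOIN" and direction == "out":
            joined[host].update(chan.split(","))
        elif cmd == "PRIVMSG" and direction == "out":
            spoke.add((host, chan))
        elif cmd == "PRIVMSG" and direction == "in":
            heard[(host, chan)] += 1
    return sorted(
        (host, chan) for host, chans in joined.items() for chan in chans
        if heard[(host, chan)] >= min_inbound and (host, chan) not in spoke
    )
```

Idle human users match the same pattern, so hits are leads to correlate with other signals rather than verdicts.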

About the author

Bogdan BOTEZATU

Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.