BOTNETS

What Bots Can Do?

Bots are highly specialized tools that can perform multiple tasks for their masters. However, they all share a common set of essential features. The common features might be implemented with various names on miscellaneous bots, but they ultimately have the same destructive potential.
One of the most important functions implemented into a bot is the update feature. This means that the bot is able to download and execute a specific file located on a remote server in order to update its own code with a more efficient and effective version. However, unlike commercial software updaters that automatically check for newer versions at startup, the bot update is only initiated when the botmaster commands it across the compromised network. The update feature is also widely used to run another batch of malware applications onto the host computer (including viruses, Trojans or worms). Flood (also known as Denial of Service or Distributed Denial of Service ) is another important feature built into any malicious bot.
 
DoS attacks are designed to hinder or stop the normal functioning of a web site, server or other network resource by flooding it with more network traffic than it is able to handle. DDoS attacks are similar to the DoS ones, except for the fact that they are carried using multiple compromised machines at the same time.
 
This allows the bot to perform false requests to a specific Internet address in order to overload it beyond the point of normal functioning. A flood attack would easily render a server useless, thus getting it out of production for an undetermined amount of time. This kid of attack is usually used as a blackmail tool, as we will discuss later.
 
Spamming is another popular choice for using bots. This kind of functionality allows the bot to download a spam message template, and then start sending it to any of the e-mail contacts in a spam list. In order to maximize efficiency, each bot is assigned a different e-mail list, or at least a different e-mail range.
Many of the existing bots also include a proxy server that allows remote attackers to connect to the Internet using the compromised machine

About the author

Bogdan BOTEZATU

Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.