sign in sign up
<<
Home , Zombie (computing)

Anatomy

Botnet—A botnet is a network of Internet-connected and -infected devices, which have been co-opted by cybercriminals. It is used to distribute CYBERCRIMINAL spam and malware, or launch distributed denial-of-service attacks. can BOTMASTER grow to 1,000,000 devices, and have been known to send up to 60 billion spam emails in a day. The term ‘botnet’ derives from the combination of the words “roBOT NETwork.”

Botmaster—Alternatively called a botnet Command and Control Server—Often controller or bot herder, the botmaster is the abbreviated as C&C, a command and botnet’s operator. This individual remotely control server is the centralized controls the botnet, issuing commands to computer that issues commands to the C&C server, or to individual bots and receives information back from within the network. A botmaster’s name the bots. Command and control and location are heavily obfuscated to infrastructure frequently consists of prevent identification and prosecution several servers and other technical by law enforcement. components. Most botnets use a C&C client-server architecture, but COMMAND & CONTROL some botnets are peer-to- peer Bot—An Internet-connected individu- (P2P), with the command-and- al device within the botnet is called a control functionality embedded in bot. A bot is most often a computer, the botnet. but a smart phone, tablet, or device can also be part of a botnet. A bot receives operational instructions from a Peer-to-Peer Botnet—Peer-to-peer command and control server, directly (P2P) botnets use a decentralized from the botmaster, or sometimes from network of bots for added protection other bots within the network. against takedowns. While P2P botnets can include a C&C server, they may also operate Zombie—Another name for a bot. Because without one and be structured randomly to the bot is controlled by an outside further obfuscate the botnet and its purpose. device or person, it is likened to a fictional While P2P botnets are less likely to be identified, ‘zombie’. A botnet is also known as a the botmaster cannot easily monitor “zombie army.” command delivery and the implemen- tation can be complex.

How a C&C Botnet Distributes Malware

1 2 3 4 A botmaster develops a The newly harvested The C&C now controls The infected zombie bots botnet by distributing bots or “zombies” report these bots and issues receive the orders, each bot malware to infect PCs or in to the botnet’s command and instructions for the bot to distrib- sending email messages carrying other devices. He may also rent control (C&C). ute executable malware files, as the malware to thousands an4 existing CYREN botnet CYBER from another THREAT REPORT | DECEMBER 2016 well as the email templates and of potential victims. criminal. potential victim address lists.