Botnets: Uses and Consequences

Published: November 5, 2011

Why should users be concerned if their computers are infected by rootkits and joined to botnets? The answer is the damage that their infected systems can do. There are myriads of harmful uses for botnets and bot-herders are not limited to a single type. The following list defines some of those uses:

  • Distributed Denial-of-Service Attacks
  • Spamming
  • Sniffing Traffic
  • Key logging
  • Spreading new malware
  • Installing Advertisement Add-on's and Browser Helper Objects (BHOs)
  • Google AdSense abuse
  • Attacking IRC Chat Networks
  • Manipulating online polls/games
  • Mass identity theft

Botnets are not limited to any one type of activity and participating bots may contain add-on Trojans as payloads, in fact; controlling botnets has grown into big-business.

The Business of Bots

Viruses evolved into worms or nefarious code that retain the ability to infect new hosts without the aid of users. The ability of these worms to seek out new hosts led to the inclusion of rootkits and botnet development. Schiller (2007) proposed some alarming questions that describe the current nature of botnets. These questions are as follow:

  • What if each PC infected by a worm remained under the control of the worm's author?
  • What if notoriety was no longer the driving force among hackers?
  • What if the purpose for writing worms drifted to making money?

The what if component in the above questions is no longer hypothetical; those states currently exist.

Botnet Underground

There are underground opportunities for bot-herders to accumulate large sums of money by performing the attacks listed in the previous section for hire. Some bot-herders create web sites dedicated to offering their services. Berinato (2007) reported that security researchers discovered a very large Eastern European e-Business website that charges clients to infect host computers and join those computers to a botnet.

This particular site, called loads.cc, is not alone; there are others. Many of these sites are located in countries with lax security control of their top level domains. The ccdomain is assigned to a territory of Australia but the loads.cc website is believed to originate out of Russia. A business model open to anyone that only charges 20 cents to infect a host, the business model of loads.cc, presents a number of security concerns: unsuspecting victims may own infected machines hosting dozens of bots, each connecting the host to a botnet.

Using the collections of infected computers, cybercriminals have gleaned enough personal data to continue identity-theft operations for many years. The economic impact of spamming operations is just as alarming. As stated by Spammer-X, (2004), spammers can easily send thousands of e-mails from different machines and the risk of these spammers being caught is very low when using botnets.

The interest from spammers became so great that hackers began to sell Botnets, and dealing in compromised machines became part of a secret underground virtual economy. …In the beginning the cost was high. For a 200 zombie botnet, a spammer or hacker could expect to pay up to $1,000.00, but as more worms propagated, the price dropped. Soon, exclusive control over 1000 hosts could be bought for as little as $500.00. Now, exclusive control over a single zombie can sell for as little as 10 cents! (Spammer-X, 2004).

That the business of botnets is exploding is a conclusion that cannot be denied. The number of intercepted botnet communications has grown from a daily figure of 333,023 in June of 2006 to a daily figure of 7,303,148 by January of 2008.

Consequences of Infection

Individuals and organizations are responsible for the activities originating from their computers. Although civil liability or criminal prosecution may be avoided if the activity can be linked to a system compromise, these consequences should be a concern to all computer users. According to Delio (2004), dozens of respondents to a news story claimed to have lost jobs or their good reputations when traces of pornography were found on their computers after being placed their, by a browser hijacker. The case of “Jack” provides a more detailed example:

A victim named Jack by Delio (2004) experienced uncontrollable browser hijacking as the result of a botnet infection. The re-directs often led Jack's browser to illegal porn sites. These sites appeared as pop-ups and closing one site resulted in opening up others. Jack's start page was changed and his favorites were changed to point to illegal porn sites. The only way to stop the activity was to turn off the computer. When Jack later tried to connect to the web, he was once again directed to illegal porn sites and pictures of child porn would display in pop-ups. The police finally raided Jack's house and confiscated his computer, which resulted in Jack spending 180 days in a correction's institution.

Jack’s case, although extreme, demonstrates the possible consequences to unsuspecting victims of Trojans and botnets but all users should remember that they are responsible for the traffic that flows across their Internet connections. Another overlooked consequence to the user is the unnecessary replacement of infected computers. "Newer machines feel old, so people end up buying new machines more often than they have to" (Acohido and Swartz, 2008).

Perhaps the greatest consequence of botnet infection is the effect on the communications infrastructure. “Says Adam O'Donnell, Cloudmark's director of emerging technology; Telecoms and Internet service providers must absorb the cost of carrying botnet traffic; they can be expected to pass that expense onto companies and consumers, he says” (Acohido and Swartz, 2008).

What are your thoughts?

As always, the author appreciates all comments.

More by this Author


Comments 7 comments

fima 4 years ago

There were 2 very serious articles, one from

Homeland wire web site and another from Fox news web site.

Both articles wrote about my criminal case of porn possession from

2002 - 2004. They have links to article in Wired News 'Browser

Hijackers Ruining lives' written after interview with me in 2004

http://www.wired.com/techbiz/it/news/2004/05/63391

You can read in article "Digital DNA the new DNA' in Homeland Security wire:

http://www.homelandsecuritynewswire.com/dr20111129...

‘With the increasing ubiquity of computers, smart phones, and other

electronic devices comes a torrent of "digital DNA," which can be used

to record an individual's every move and even convict them of a crime’

Also about my case:

‘In one case from 2002, an individual was sent to jail after police

found pornographic images on his computer, but security experts later

said law enforcement officials had mishandled the digital evidence.’

I think this is very serious web site, and this is very serious accusations

The experts explained that a “browser hijacker” could have been used

to remotely plant the pornographic images on the suspect’s computer

without their knowledge.

There was also article in Fox News 'Fighting crime with digital DNA'

There is also link to Wired article 'Browser Hijackers Ruining lives'

When I was interviewed for this article in 2004 I provided full

information about myself

http://www.foxnews.com/scitech/2011/11/18/fighting...

Fox news Editor Jeremy Kaplan wrote

‘Attorneys are very good at taking digital evidence out of context and then convincing a jury of the guilt of someone based on it

In 2002, "Jack" was sent to jail after police found pornographic

images on his home computer. Security experts later told Wired News

that the digital data had been mishandled: They suggested it could

have been put on his computer remotely through what's called a

"browser hijacker" -- a malicious bit of software that changes browser

settings and can easily be built to store data on a PC'

You may understand that this is all very serious. Hennepin county law

enforcements mishandled digital evidence in 2002-2004. And you may

remember who was District Attorney in this county in 2002-2004: Amy

Klobuchar, now US Senator.

I do not understand why they published this 10 years later. I may tell

you that I am still surprised at what degree law enforcements did not

care about any evidence in 2002-2004. They just wanted to convict me.

I just think if Fox News and Homeland Security Wire web sites wrote

about this 10 years later, many others may be interested.

In 2004 article 'Browser Hijackers ruining lives' was read by many

millions of people in different countries. This is classical example

of different kinds of misbehavior. Too many people remember this


Fima Estrin 5 years ago

Here is case of school teacher Julie Amero

http://en.wikipedia.org/wiki/State_of_Connecticut_...


Dumbledore profile image

Dumbledore 5 years ago from Somewhere in Ohio Author

Fima,

I am very pleased to correspond with you through hub pages. I came across the article while doing research on the topic of botnets and decided that the example demonstrated the extreme consequences of someone else taking over a computer.

I use this example in a class I teach on network security because this example seems to make many of my students wake up to the possible dangers of surfing the web.

I am very sorry for the way the legal system treated your case. I feel the sentence was extreme, since you really did not know what your computer was doing.

I would welcome your comments on any other hubs I write -- please stay in touch; I would like to know how things work out for you.


FIma 5 years ago

I sent an answer but it got deleted

I am jack from this article


Fima Estrin 5 years ago

Yes. I was on probation and did not want my real name to be published. reporter Dellio sent me list of question.

She named me Jack

Also she interviewed Brian Rothery, Irish writer who wrote my story. There were many more articles, and security professional were interested. One company offered to defend me free, but it was too late. prosecutors promised me many years in prison if I am not plead guilty.


Dumbledore profile image

Dumbledore 5 years ago from Somewhere in Ohio Author

Fina,

Are you "Jack" from the article?


Fima Estrin 5 years ago

Article Browser Hijacker ruining lives were written after interview with me

http://estrinyefim.newsvine.com/_news/2010/07/29/4...

    Sign in or sign up and post using a HubPages Network account.

    0 of 8192 characters used
    Post Comment

    No HTML is allowed in comments, but URLs will be hyperlinked. Comments are not for promoting your articles or other sites.


    Click to Rate This Article
    working