Tuesday, April 12, 2011

What are bots, and how do they attack?

First of all, what are bots?

Bots are systems that have been taken over by a hacker and are used to perform malicious tasks.

How can a computer become a bot?

A computer becomes a bot when it downloads illegal software or email attachments that have bot software embedded in them. A botnet is a network of bots that keeps attacking the victim's system.

What can a botnet do?
A network counts as a botnet when it takes action on the client itself via IRC channels, without the hacker having to log in to the client's computer. A botnet combines many threats into one. The typical botnet consists of a bot server (usually an IRC server) and one or more bot clients.

Like many things on the Internet, bots have become very useful tools for hackers. Bots are developed by a hacker, who can sit on an IRC channel while the bot does things for its owner. Soon after the release of the first IRC bot, a few worms exploited vulnerabilities in IRC clients and used the bots to steal passwords, log keystrokes, and hide their identity. The main aims of botnets are recognition and financial gain.

Commonly, botnets are used to perform denial-of-service attacks or to send spam. Due to the large number of compromised machines within the botnet, huge volumes of traffic (either email or denial of service) can be generated. However, in recent times the volume of spam originating from a single compromised host has dropped in order to thwart anti-spam detection algorithms: a larger number of compromised hosts each send a smaller number of messages in order to evade detection by anti-spam techniques.
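The low-volume pattern described above defeats a simple per-sender rate limit, so a filter has to group messages by content across senders. The sketch below is an added example, not code from the original post; the thresholds, the fingerprinting rule and the sample log are all constructed assumptions.

```python
import hashlib
import re
from collections import defaultdict

PER_HOST_LIMIT = 100    # assumed per-sender threshold of a naive filter
CAMPAIGN_MIN_HOSTS = 5  # assumed: distinct senders sharing one template
CAMPAIGN_MIN_MSGS = 20  # assumed: total messages seen for that template

def fingerprint(body):
    """Hash the body after masking the parts a spam template varies per message."""
    text = re.sub(r"https?://\S+", "<url>", body.lower())
    text = re.sub(r"\d+", "<n>", text)
    return hashlib.sha256(" ".join(text.split()).encode()).hexdigest()[:16]

def per_host_alerts(log):
    """Naive check: flag only senders that exceed the per-host limit."""
    counts = defaultdict(int)
    for src, _body in log:
        counts[src] += 1
    return sorted(h for h, n in counts.items() if n > PER_HOST_LIMIT)

def campaign_alerts(log):
    """Group by content fingerprint and flag templates sent by many hosts."""
    hosts, total = defaultdict(set), defaultdict(int)
    for src, body in log:
        fp = fingerprint(body)
        hosts[fp].add(src)
        total[fp] += 1
    return {fp: sorted(h) for fp, h in hosts.items()
            if len(h) >= CAMPAIGN_MIN_HOSTS and total[fp] >= CAMPAIGN_MIN_MSGS}

def build_sample_log():
    """Constructed log: 8 hosts send 4 templated messages each, 1 host sends normal mail."""
    log = []
    for h in range(8):
        for i in range(4):
            log.append((f"10.0.0.{h + 10}",
                        f"Cheap meds!  Order {h * 100 + i} at http://example.test/{h}{i}"))
    log += [("10.0.0.200", f"Meeting notes for project {p}, see agenda") for p in "abc"]
    return log

if __name__ == "__main__":
    sample = build_sample_log()
    print("per-host alerts:", per_host_alerts(sample))
    print("campaign alerts:", campaign_alerts(sample))
```

On the constructed log the per-host check reports nothing, while the campaign check groups all eight low-volume senders under one fingerprint.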

Different Types of Bots

Here is a list of the most used bots on the Internet today, their features and command set.

XtremBot, Agobot, Forbot, Phatbot

These are currently the best-known bots, with more than 500 versions on the Internet today. The bot is written in C++ with cross-platform capabilities, and its source code is published under the GPL. These bots can range from the fairly simple to highly abstract module-based designs. Because of its modular approach, adding commands or scanners to increase its efficiency in taking advantage of vulnerabilities is fairly easy. It can use the libpcap packet-sniffing library, NTFS Alternate Data Streams (ADS) and Perl Compatible Regular Expressions (PCRE). Agobot is quite distinct in that it is the only bot that makes use of other control protocols besides IRC.

UrXBot, SDBot, UrBot and RBot

Like the previous type of bot, these bots are published under the GPL, but unlike the bots mentioned above they are less abstract in design and written in rudimentary C. Although their implementation is less varied and their design less sophisticated, these types of bots are well known and widely used on the Internet.

GT-Bots and mIRC based bots

These bots have many versions on the Internet, mainly because mIRC is one of the most used IRC clients for Windows. GT stands for global threat and is the common name for bots scripted using mIRC. GT-bots make use of the mIRC chat client to launch a set of binaries (mainly DLLs) and scripts; their scripts often have the file extension .mrc.


Malicious Uses of Botnets

A botnet can have a lot of malicious applications. Among the most popular uses of botnets are the following:

Denial of Service Attacks

A botnet can be used as a distributed denial of service weapon. A botnet attacks a network or a computer system for the purpose of disrupting service through the loss of connectivity or consumption of the victim network’s bandwidth and overloading of the resources of the victim’s computer system. Botnet attacks are also used to damage or take down a competitor’s website.
Any Internet service can be a target of botnets. This can be done by flooding the website with recursive HTTP or bulletin-board search queries. This mode of attack, in which higher-level protocols are utilized to increase the effects of an attack, is also termed spidering.

Spamming and Traffic Monitoring

A botnet can also be used to take advantage of an infected computer’s TCP/IP SOCKS proxy protocol for networking applications. After compromising a computer, the botnet commander can use the infected unit (a zombie) in conjunction with other zombies in his botnet (robot network) to harvest email addresses or to send massive amounts of spam or phishing mails.
Moreover, a bot can also function as a packet sniffer to find and intercept sensitive data passing through an infected machine. Typical data that these bots look out for are usernames and passwords which the botnet commander can use for his personal gain. Data about a competitor botnet installed in the same unit is also mined so the botnet commander can hijack this other botnet.

Key logging and Mass Identity Theft

Encryption software within the victims’ units can deter most bots from harvesting any real information. Unfortunately, some bots have adapted to this by installing a key logger program in the infected machines. With a key logger program, the bot owner can use a filtering program to gather only the key sequence typed before or after interesting keywords like PayPal or Yahoo mail. This is one of the reasons behind the massive theft of PayPal accounts over the past several years.
Bots can also be used as agents for mass identity theft. They do this through phishing, or pretending to be a legitimate company in order to convince the user to submit personal information and passwords. A link in these phishing mails can also lead to fake PayPal, eBay or other websites that trick the user into typing in the user name and password.

Formation and exploitation



This example illustrates how a botnet is created and used to send email spam.

  1. A botnet operator sends out viruses or worms, infecting ordinary users' computers, whose payload is a malicious application—the bot.
  2. The bot on the infected PC logs into a particular C&C server (often an IRC server, but in some cases a web server).
  3. A spammer purchases the services of the botnet from the operator.
  4. The spammer provides the spam messages to the operator, who instructs the compromised machines via the IRC server, causing them to send out spam messages.
Source: Google, Wikipedia
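Step 2 above is the point where a network defender can see the botnet: many internal hosts log into the same server and join the same IRC channel. The following detection sketch is an added example, not code from the original post. It matches IRC commands (NICK, USER, JOIN from RFC 1459) in the payload rather than trusting the port number; the threshold, the list of usual ports and the traffic records are constructed assumptions.

```python
import re
from collections import defaultdict

# IRC registration/join commands (RFC 1459), matched on payload, not port,
# because a C&C server need not listen on the conventional IRC port.
IRC_LINE = re.compile(r"^(NICK|USER|JOIN)\s+(\S+)", re.IGNORECASE)
MIN_HOSTS = 3  # assumed threshold: internal hosts sharing one server and channel

# Constructed sample records: (source IP, destination IP, destination port, payload)
SAMPLE = [
    ("192.168.1.21", "203.0.113.9", 8080, "NICK xk-48211\r\nUSER a 0 * :a\r\n"),
    ("192.168.1.21", "203.0.113.9", 8080, "JOIN #upd8\r\n"),
    ("192.168.1.34", "203.0.113.9", 8080, "NICK xk-10932\r\nUSER a 0 * :a\r\n"),
    ("192.168.1.34", "203.0.113.9", 8080, "JOIN #upd8\r\n"),
    ("192.168.1.57", "203.0.113.9", 8080, "NICK xk-77120\r\nUSER a 0 * :a\r\n"),
    ("192.168.1.57", "203.0.113.9", 8080, "JOIN #upd8\r\n"),
    ("192.168.1.80", "198.51.100.4", 6667, "NICK alice\r\nUSER alice 0 * :Alice\r\n"),
    ("192.168.1.80", "198.51.100.4", 6667, "JOIN #python\r\n"),
    ("192.168.1.21", "198.51.100.7", 80, "GET /index.html HTTP/1.1\r\nHost: example.test\r\n"),
]

def irc_commands(payload):
    """Yield (command, first argument) for each IRC line in a TCP payload."""
    for line in payload.splitlines():
        m = IRC_LINE.match(line.strip())
        if m:
            yield m.group(1).upper(), m.group(2)

def find_shared_channels(records, min_hosts=MIN_HOSTS):
    """Return {(server, port, channel): [hosts]} where many hosts join one channel."""
    members = defaultdict(set)
    for src, dst, port, payload in records:
        for cmd, arg in irc_commands(payload):
            if cmd == "JOIN":
                for chan in arg.split(","):  # JOIN accepts a comma-separated list
                    members[(dst, port, chan.lower())].add(src)
    return {k: sorted(v) for k, v in members.items() if len(v) >= min_hosts}

def irc_on_odd_ports(records, usual=frozenset({6667, 6697})):
    """Hosts speaking IRC to a port outside the assumed set of usual IRC ports."""
    return sorted({src for src, _dst, port, payload in records
                   if port not in usual and any(irc_commands(payload))})

if __name__ == "__main__":
    print("shared channels:", find_shared_channels(SAMPLE))
    print("IRC on unusual ports:", irc_on_odd_ports(SAMPLE))
```

Payload matching only works on unencrypted sessions; for a web-server C&C or a TLS-wrapped one, the same grouping idea applies to destination and timing rather than to channel names.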


Anonymous said...

how to stop bots
