The botnet threat

It turns computers into zombies and spreads viruses, generates spam and commits other types of online crime and fraud

November 17, 2010 05:03 pm | Updated 05:03 pm IST

Shantanu Ghosh

One of the most significant indicators of the evolution of cyber crime is the botnet, an extremely sophisticated and popular type of malware that not only infects systems, but also gives criminals control of the compromised computers. Botnets allow cyber criminals to take control of multiple systems at a time, and turn them into ‘zombie’ computers, which operate as part of a powerful ‘botnet’ to spread viruses, generate spam, and commit other types of online crime and fraud.

Also known as “Web robots,” bots are usually part of a network of infected machines, known as a “botnet”, which is typically made up of victim machines that stretch across the globe. Since a bot-infected computer does the bidding of its master, many people refer to these victim machines as “zombies.”

The cybercriminals who control these bots are called botherders or botmasters. Networks of “zombie” computers are flourishing across the world, and India is one of the most-infected countries. In fact, 62,623 bot-infected computers were observed in India in 2009, according to Symantec's Internet Security Threat Report XV.

Vulnerable cities

Amongst the cities in India with the highest number of bot-infected computers, Mumbai – the financial capital of India – figured at the top with 50 per cent, followed by Delhi at 13 per cent and Hyderabad at 7 per cent. Cities like Bangalore (6 per cent), Kochi (5 per cent), Chennai (4 per cent), Ahmedabad (2 per cent) and Pune (3 per cent) too had a sizeable share of bot-infected computers.

Botnets are so dangerous that they can bring down the entire infrastructure of large businesses and even countries. In 2007, Estonia's Internet was shut down by denial-of-service attacks in which botnet traffic overwhelmed its systems, and Georgia was severely disabled by botnets in 2008. Botnets can also disable news sources and transportation websites, or overpower other important websites.

Bots spread themselves across the Internet by searching for unprotected computers to infect. When they find one, they quickly infect the machine and then report back to their master. Their goal is then to stay hidden until they are instructed to carry out a task, such as:

Sending spam, viruses or spyware

Stealing confidential information and communicating it back to the malicious user, including credit card numbers, bank credentials and other sensitive data

Launching denial of service (DoS) attacks against a specified target. Cybercriminals extort money from website owners in exchange for regaining control of the compromised sites.

Committing “click fraud”, by which fraudsters use bots to boost Web advertising billings by automatically clicking on Internet ads.

Several large-scale bot networks have gained attention recently. Zbot, otherwise known as the Zeus botnet, has been around for quite a while and has been called the “King of Bots”; it has infected millions of computers worldwide.

Zeus is a malware package that is readily available for sale and also traded by Zbot peddlers in underground forums, for as low as $700! While Zbot is a generic back door that allows full control by an unauthorised remote user, its primary function is financial gain.

In early October, crime-prevention bodies across the globe — FBI in the U.S., the Netherlands Police Agency and the U.K.'s Metropolitan Police Service, among others — arrested over 100 people who attempted to siphon as much as $220 million through stolen login credentials. Victims' PCs were infected with Zbot, which was used to hijack bank account login information.

Because Zbot is a package that is readily available, vectors of infection vary widely, with popular methods including drive-by downloads and spam. Zbot has been used to impersonate social networking websites and was behind many of the headline-grabbing social networking attacks last year. Zeus is popular among cyber criminals also because it is continuously updated to provide new features and functionality. The ease-of-use of Zeus means the Zeus bot is used widely, allowing even novice hackers to easily steal online banking credentials and other online credentials for financial gain.

SMS route

Criminals who create and control botnets are not only dangerous, they are also continuously evolving. 2009 saw the first smart phone botnet that took advantage of users' contact lists to spread itself via SMS. Because people use smart phones to check e-mail, bank online, and do all of the little things that they would do on a normal computer, they're becoming bigger targets for malware.

Going by names such as “Sexy View” or “Sexy Girl” and now “Sexy Space,” the threat propagates through suggestive SMSes, which direct recipients to download the threat from an external URL. The threat gathers information from the phone and sends it to predetermined addresses, in addition to spamming other phones and propagating.

Proliferation of handheld devices, which are largely unprotected, presents attackers with a new window of opportunity to carry out malicious activities. And botnets like Zeus only make it easier for them.

(The author is Vice-President, India Product Operations, Symantec)