Technical Background

What are Botnets?
What is Malicious Software (Malware)?
How does a Computer get infected?
What damage can a Botnet infected computer do?

What are Botnets?

The Federal Office for Information Security has provided useful information on this site and, amongst other things, a Botnet video has also been made available.

A botnet is a network of computers that have been infected with a malicious payload and thereby brought under common control. Once an Internet connection has been established, they respond to remote commands sent by cyber criminals. Each individual computer is referred to as a "Bot" or "Zombie" PC; strictly speaking, the bot is the malicious program itself, but the term "Bot" is commonly applied to the infected system as a whole.

Cyber criminals use the network connection and local resources of the infected computer for various purposes without the owner's knowledge: the computer distributes spam unnoticed, can be used in DDoS attacks or phishing, and personal data and passwords stored on it may be tapped.

Botnet operators want to hijack as many computers as possible in order to have these resources at their disposal and to expand further. They use botnets not only for themselves, but also rent them out to other criminals. Botnets maintain and expand themselves, as the malicious software circulates and infects further computers.

It is assumed that a quarter of all computers worldwide are part of a botnet. Germany ranks within the top ten, not least because of its efficient Internet infrastructure. Botnets function as the infrastructural foundation of Internet crime and are one of the largest sources of illegal income on the Internet.

What is Malicious Software (Malware)?

Malicious software, also known as "malware", is a program that runs unwanted or hidden functions on the affected computer. Malicious programs are fully functional, often independent programs created and spread by experienced programmers with criminal intent. Examples are viruses, worms, Trojans, bots, dialers, scareware and grayware.

How does a Computer get infected?

Botnets spread by deploying a "Bot" onto non-infected computers. This can happen in a number of different ways:

  • Infected Emails:
    A user is prompted to run or open an email attachment, or to click on a link that leads to an infected website. If the program is run, malicious software is installed on the PC and makes it part of a botnet. This type of attack happens very frequently via phishing mails, which are becoming ever more sophisticated. In many cases the emails pretend to come from the recipient's own bank.
  • Downloads:
    A file made available on the Internet serves as the vehicle: whoever downloads and runs this program infects their computer with malicious software. Attaching a malicious payload to an innocent-looking application is called a Trojan ("Trojan horse"). This happens mostly with illegally distributed programs. For security reasons, legitimate programs should only be downloaded from the vendor's website and checked with a virus scanner.
  • Exploits:
    Infection by this method exploits security holes, i.e. errors in applications, the browser or the operating system itself. Exploits are triggered, for example, when the user clicks on a prepared link; a drive-by infection then occurs simply by loading a manipulated website, which automatically triggers a download.
  • Drive-by-Downloads:
    A drive-by download is an unknown and unintended software download onto a user's computer, triggered solely by loading a website that has been specially prepared for this purpose. Avoiding dubious websites offers only limited protection, because attackers repeatedly succeed in manipulating legitimate websites as well.

What damage can Botnet infected computers cause?

A computer hijacked by cyber criminals can be abused for different purposes:

  • Distribution of Spam:
    The resources of the remote-controlled computers are used to send spam. A botnet can send several million spam mails a day.
  • DDoS Attacks:
    So-called Distributed Denial of Service attacks are attacks on servers with the intention of making their services unavailable. For example, a company's server is bombarded with a high number of requests and can crash under the load: coordinated and simultaneous requests from many bots on one system eventually result in an overload.
  • Proxies:
    A bot can also run as a proxy server: the master remotely controls other bots, which establish connections to third-party PCs and thereby hide the attacker's source IP address. For the victim, the actual attacker, the remote-controlling "master", remains untraceable.
  • Data Theft:
    Most bots can easily access locally stored usernames and passwords from applications such as MS Messenger, or read out data such as passwords and credit card numbers from web forms. This data is transferred to the botnet's "master".
  • Storage medium for illegal contents:
    The hard drives of hijacked computers are also used for data storage and mostly host illegal content.
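The DDoS item above describes the traffic pattern a defender has to recognise: many requests arriving in the same moment from many different sources, which looks different from a single misbehaving client. The following Python script is an added example, not part of the original page and not code from the Federal Office for Information Security; it parses constructed web-server access-log lines (common log format), counts requests per second, and flags a second as a "distributed" burst when both the request count and the number of distinct source addresses exceed thresholds. The log lines, IP addresses, thresholds and function names are all assumptions made for illustration.

```python
"""Added example: spot a coordinated request burst in an access log.

Not part of the original page. Log lines, thresholds and addresses are
constructed for illustration only.
"""
import re
from collections import defaultdict
from datetime import datetime

# Common log format: "<ip> - - [<timestamp>] \"<request>\" <status> <size>"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+)$'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (client_ip, timestamp) for a log line, or None if it does not parse."""
    match = LOG_RE.match(line)
    if match is None:
        return None
    return match.group("ip"), datetime.strptime(match.group("ts"), TS_FORMAT)


def bucket_by_second(lines):
    """Map each second -> {client_ip: request count}; unparsable lines are skipped."""
    buckets = defaultdict(lambda: defaultdict(int))
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts = parsed
        buckets[ts][ip] += 1
    return buckets


def detect_bursts(lines, max_requests=10, min_sources=5):
    """Flag every second whose request count exceeds max_requests.

    A burst spread over at least min_sources distinct clients is reported as
    "distributed" (the coordinated-bot pattern); otherwise as "single-source",
    e.g. one misbehaving crawler, which calls for a different response.
    """
    alerts = []
    for ts, per_ip in sorted(bucket_by_second(lines).items()):
        total = sum(per_ip.values())
        if total <= max_requests:
            continue
        kind = "distributed" if len(per_ip) >= min_sources else "single-source"
        alerts.append({
            "second": ts.isoformat(),
            "requests": total,
            "sources": len(per_ip),
            "kind": kind,
        })
    return alerts


def make_line(ip, second, path="/"):
    """Constructed log line for 12 Apr 2009 10:00:<second> UTC (sample data only)."""
    return (f'{ip} - - [12/Apr/2009:10:00:{second:02d} +0000] '
            f'"GET {path} HTTP/1.1" 200 512')


# Constructed sample log: 10.0.0.x and 192.0.2.x are documentation/private ranges.
SAMPLE_LOG = (
    # second 00: normal background traffic
    [make_line("10.0.0.5", 0), make_line("10.0.0.6", 0, "/about")]
    # second 01: one noisy client sends 12 requests (not a botnet pattern)
    + [make_line("10.0.0.7", 1, f"/page{i}") for i in range(12)]
    # second 02: 16 distinct sources, one request each (coordinated burst)
    + [make_line(f"192.0.2.{i}", 2) for i in range(1, 17)]
    # a malformed line, to show that unparsable input is skipped, not fatal
    + ["garbage line that does not parse"]
)


if __name__ == "__main__":
    for alert in detect_bursts(SAMPLE_LOG):
        print(alert)
```

Run with `python3 burst_detect.py` (file name assumed); the two flagged seconds differ only in how many distinct clients produced the load, which is exactly the distinction that separates a distributed attack from a single client that can simply be rate-limited or blocked. On real logs the thresholds would be set from the server's normal baseline rather than the small constants used here.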

Relatively few botnet operators have hijacked millions of computers into botnets and thereby have a processing capacity at their disposal that exceeds all of the world's supercomputers put together. In April 2009 alone, it was discovered that the "Mariposa" botnet consisted of over 13 million hijacked computers, including computers from companies and the public sector. The infections were caused by links sent via instant messaging (e.g. in chat programs) that exploited a browser security flaw and led to prepared websites, by infected files from online peer-to-peer services, and also by USB sticks.