Research into the Workings of Real Botnets

Kevin R. Smith

For starters, let's define what a botnet is:

Loosely speaking, a botnet is a network of computers which have been taken control of for the purpose of malicious use.

Typically, PC users whose computers have been compromised are completely unaware their computers are infected with malware. Once infected, the botnet operators have complete control of your computer and are able to use it to do their bidding, almost always without your knowledge.

Botnet operators use compromised PCs for things like: stealing credit cards, stealing banking passwords, sending spam, and identity theft. If your computer has been infected, your machine might be sending spam, and chances are you'd never know it.

"WHAT?! How is this possible?" some users ask. "Wouldn't I know when someone was on my computer when I'm already on it?"

No. You wouldn't know. Here's why:

There are a ton of different things running at all times on your computer without your knowledge. For instance, there's your network card that makes it possible for you to connect to the Internet; there are your USB ports that make all sorts of things possible like printing; there are the drivers that make your keyboard, mouse, sound card, and video card(s) work.

Each of these things is at work even though you don't know it. They all run silently in the background, (usually) obediently doing their respective jobs. You'd never really know your network card was receiving a signal, per se; you just know the Internet works.

Such is the case with botnet software: it works in the background, sending and receiving signals, all the while without your knowledge (especially if you're not running antivirus software).

That's where this newly released botnet research data makes things interesting.

The folks at the Sandia National Labs in Livermore, California, are building a huge botnet research network of over 1,000,000 virtual machines on a Dell supercomputer.

With this research network, according to the New York Times, Sandia Labs plans to study how botnets work so they can be more effectively fought and defeated.

The reason it's so hard to figure out what's going on is because it's hard to get perspective on the networks. Sure, you might be able to see what's going on on an infected machine, or even a dozen, but given that botnets can easily exceed 1,000,000 computers, seeing what the entire network is doing (or at least a big chunk of it) is pretty much impossible.

"When a forest is on fire you can fly over it, but with a cyberattack you have no clear idea of what it looks like," said Ron Minnich, a Sandia scientist who specializes in computer security.

"It's an extremely difficult task to get a global picture."

Hopefully, the end result will be a much better perspective of how botnets work and a clearer understanding of what it takes to defeat them.
