Home News News Blog Botnets 101

Botnets 101: What They Are and How to Avoid Them

Jun 05, 2013 07:00 AM

Botnets 101
What They Are and How to Avoid Them


Last month, the head of an international securities fraud ring was sentenced to federal prison for manipulating stock prices by using botnets to distribute spam promoting those stocks. And several months ago, 10 members of an international cyber crime ring were arrested for using botnets to steal more than $850 million after obtaining personal financial information from compromised computers.

Protecting Your Computer

- Make sure you have updated antivirus software on your computer.

- Enable automated patches for your operating system.

- Have strong passwords, and don’t use the same one or two passwords for everything.

- Download free software only from sites you know and trust (malware can also come in downloadable games, file-sharing programs, and customized toolbars).

- Don’t open e-mail attachments in unsolicited e-mails, even if it comes from people in your contact list, and never click on a URL contained in an e-mail, even if you think it looks safe. Instead, close out the e-mail and go to the organization’s website directly.

- Use antivirus software on your smartphone. Criminals are already stealing personally identifiable information from smartphones after owners unknowingly download malware, and it won’t be long before we see the emergence of mobile botnets undertaking DDoS attacks and other criminal activities (unless users protect their smartphones now).

For more cyber security information, go to our Cyber Crimes webpage or to the U.S. Computer Emergency Readiness Team’s website.

The use of botnets is on the rise. And industry experts estimate that botnet attacks have resulted in the overall loss of millions of dollars from financial institutions and other major U.S. businesses. They’ve also affected universities, hospitals, defense contractors, law enforcement, and all levels of government.

What exactly is a botnet? A bot, or web robot, is an automated malware program that scans blocks of network addresses and infects vulnerable computers. A network of these infected computers—numbering in the hundreds of thousands or even millions—is called a botnet (robot network), and each computer becomes connected to a command-and-control server operated by the criminal.

Once the botnet is in place, it can be used in distributed denial of service (DDoS) attacks, proxy and spam services, malware distribution, and other organized criminal activity. Botnets can also be used for covert intelligence collection, and terrorists or state-sponsored actors could use a botnet to attack Internet-based critical infrastructure. And, they can be used as weapons in ideology campaigns against their target to instigate fear, intimidation, or public embarrassment.

Your personal computer could become part of a botnet—it only takes one wrong click for you to download malicious code. For example, you might get an unsolicited e-mail promoting a dating website or a work-at-home arrangement or an e-mail that appears to come from your bank containing a seemingly harmless link. You could be sent a link by a friend asking you to view a great video (which was actually sent because the friend’s computer is already infected). You could see a link on a webpage that seems to be soliciting donations for a recent tragedy. And you might even visit a fraudulent website—or a legitimate one that’s been compromised—and download video, pictures, or a document containing malicious code.

 Multiple Botnets Targeting
Financial Information Disrupted

On June 5, 2013, Microsoft—along with financial services leaders, other industry partners, and law enforcement—announced actions taken to disrupt a global cyber crime operation involving more than 1,000 botnets. Microsoft Press Release | FBI Statement on Botnet Operation

Once the malware is on your computer, it’s hard to detect. And in addition to your computer being commanded to link up with other compromised computers to facilitate criminal activity, the bot can also collect and send out your personal identifiable information—like credit card numbers, banking information, and passwords—to the criminals running it. Those criminals will take advantage of the information themselves or offer it for sale on cyber criminal forums, and you could find yourself being victimized…again.

The FBI—with its law enforcement and private sector partners—has had success in taking down a number of large botnets, most notably Coreflood. But our work is never done, and by combining the resources of government and the private sector—and with the support of the public (see sidebar on protecting your own computer)—we will continue to improve cyber security by identifying and catching those who threaten it.

If you think your computer may be part of a botnet, file a complaint with the Internet Crime Complaint Center (IC3) and/or contact the cyber task force at your local FBI office.