Botnets by Heli Tiirmaa-Klaar Jan Gassen Elmar Gerhards-Padilla & Peter Martini

Author: Heli Tiirmaa-Klaar, Jan Gassen, Elmar Gerhards-Padilla & Peter Martini
Language: eng
Format: epub
Publisher: Springer London, London


2.2 Botnets

Botnets consist of a particular kind of malware, the so-called bots or drones. These drones combine malicious functionalities of other malware classes into one general-purpose weapon for cyber attackers. Since bots are able to perform a multitude of malicious activities on demand, they are rather unpredictable. In contrast to other malware, botnets are extremely flexible and are able to react dynamically to external events, which makes them particularly dangerous. Botnets can be used, for example, to extract valuable information from large numbers of infected systems simultaneously or to perform other malicious activities as described in Sect. 2.2.1. The decisive factor that separates a bot from other kinds of malware is, however, not the spreading routine or malicious functionality it uses but the hidden communication channel. This communication channel allows individual bots to communicate with each other and their operator. In this context, the operator of a botnet is commonly referred to as the botmaster or botherder. The term botnet is used to describe an entire network of bots that share a common communication channel.

The communication channel between the botmaster and the individual bots is used to transmit data from the infected machines to the botmaster, as well as to send commands from the botmaster to the individual bots. In contrast to other kinds of malware, botnets actually require commands from the botmaster in order to perform malicious activities. The different bots can then process the received commands automatically. Therefore, every bot supports a fixed set of predefined tasks that can be executed on demand. To overcome the shortcoming of a fixed and limited instruction set, many current botnets support update commands. By using this command, existing bots can be easily replaced by a new version with an extended instruction set. This feature not only enables bots to perform almost arbitrary tasks on the infected machines, but also offers the opportunity to perform maintenance updates. The update functionality can be utilized, for example, to perform bug fixes or to protect the botnet from individual takeover attempts.


