What is a botnet? How to prevent it | Total Security

What is a bot or botnet? Simply put, a "bot" is a malicious program that turns your computer or smartphone into a "puppet (robot)" that moves according to the instructions of a third party, and a "botnet" is a network of many such bots.


What is a bot? What fraudulent activity uses botnets?

Recently, money has been stolen from corporate bank accounts (Related article: Targeting even corporate accounts! Trojan horses aiming for online banking ). Among these cases, the Trojan horse called "Game Over Zeus" attracted attention. This malware infected more than 500,000 machines worldwide. According to the announcement by the investigative authorities, 20% of them were domestic terminals, which was shocking.

Malware that causes outbreaks like this, such as "Game Over Zeus," is sometimes called a "bot." But what kind of program is actually called a bot?

A bot is a malicious program that executes commands received over a network. Think of a "robot." Normally, personal computers and smartphones operate according to the user's commands, but once infected with a bot they become "puppets" that are remotely controlled from outside.

The trouble is that it is difficult to tell from appearance or symptoms whether you are infected. Symptoms such as slow performance may appear, but many users do not notice them. There is a risk that the terminal will be abused without the user knowing, receiving orders from outside to take part in DDoS attacks, send junk e-mail, host phishing sites, or serve as a stepping stone for attacks on other systems.

A "botnet" is a network of these bots. Building a botnet allows a malicious attacker to centrally manage a large number of Internet-connected machines and launch large-scale attacks on specific targets all at once. In the case of "Game Over Zeus" mentioned earlier, tens of thousands to hundreds of thousands, or even millions, of bot-infected computers were controlled by commands sent from a C&C server (Command and Control server: the server that controls the botnet) and used to carry out attacks.

Commands can be sent to individual machines or to the whole botnet at once. In the past, IRC (Internet Relay Chat) was often used as the command channel, but nowadays, in addition to HTTP and DNS, there are bots that build their own peer-to-peer (P2P) network. On smartphones, SMS may also be used to deliver commands.
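Because many HTTP-based bots poll their C&C server at a fixed interval, one practical way for a defender to surface such command traffic is to look for "beaconing" in proxy logs. The following script is an added example (not code from the original article or from any product it mentions): it parses a constructed, simplified proxy log of the form `<ISO timestamp> <client IP> <destination host>`, groups contacts by client and host, and flags pairs whose inter-arrival times are nearly constant. The log format, IP addresses, hostnames and thresholds are all assumptions made for this illustration.

```python
"""Beaconing detector over constructed proxy-log lines.

Added example, not from the original article. It flags a client that
contacts the same host at near-constant intervals, which is how many
HTTP-based bots poll their C&C server for commands. The log format,
hostnames and addresses below are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log: "<ISO timestamp> <client IP> <destination host>".
# 10.0.0.5 contacts cdn.example.net exactly every five minutes (beacon-like);
# the other contacts are irregular browsing.
SAMPLE_LOG = """\
2014-06-01T09:00:00 10.0.0.5 cdn.example.net
2014-06-01T09:00:03 10.0.0.5 news.example.org
2014-06-01T09:05:00 10.0.0.5 cdn.example.net
2014-06-01T09:07:41 10.0.0.5 news.example.org
2014-06-01T09:10:00 10.0.0.5 cdn.example.net
2014-06-01T09:15:00 10.0.0.5 cdn.example.net
2014-06-01T09:20:00 10.0.0.5 cdn.example.net
2014-06-01T09:25:00 10.0.0.5 cdn.example.net
2014-06-01T09:31:12 10.0.0.5 news.example.org
2014-06-01T09:02:10 10.0.0.7 news.example.org
2014-06-01T09:48:55 10.0.0.7 news.example.org
"""


def parse_log(text):
    """Return {(client, host): [datetime, ...]} from the constructed log format."""
    sessions = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, host = line.split()
        sessions[(client, host)].append(datetime.fromisoformat(ts))
    return sessions


def find_beacons(text, min_hits=5, max_jitter=0.1):
    """Flag (client, host) pairs seen at least min_hits times whose gaps between
    contacts vary by no more than max_jitter (population stdev / mean).
    Returns a sorted list of (client, host, mean_interval_seconds)."""
    flagged = []
    for (client, host), times in parse_log(text).items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            flagged.append((client, host, avg))
    return sorted(flagged)


if __name__ == "__main__":
    for client, host, interval in find_beacons(SAMPLE_LOG):
        print(f"{client} -> {host}: every {interval:.0f}s (possible C&C beacon)")
```

Regular polling is a triage signal, not proof of infection: software updaters, mail clients and monitoring agents also beacon, so a hit should be reviewed against the destination's reputation and the process on the client that produced the traffic. Bots that add random delay between polls raise the measured jitter, which is why `max_jitter` is a tunable rather than a fixed rule.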

How bots get in

Most malware gets in by exploiting vulnerabilities in operating systems and applications. Simply opening an e-mail attachment or browsing a tampered website is enough for the vulnerability to be exploited and an installer to run. The program executed this way is often not the bot itself but a "downloader" whose job is to fetch and install the bot.

Vulnerabilities are not limited to client terminals. In 2014, ESET observed more than 20,000 Linux servers that had been attacked through vulnerabilities and infected with the malware "Windigo," so servers can be infected as well (Related article: Operation Windigo: Massive Linux Uncover malware activity that steals server credentials ).

Infection methods are also not limited to attacks on computer vulnerabilities. Sometimes "human vulnerabilities" are targeted rather than programs. For example, an executable file with a disguised extension and icon is attached to an e-mail so that, at first glance, it looks like a document or image file, and the recipient opens it.
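The disguise described above can be caught before a user ever sees the attachment by comparing what the file name claims with what the bytes actually are. The script below is an added example (not from the original article): it flags a decoy double extension such as ".pdf.exe" and, independently, an attachment whose content starts with a Windows executable header while its name claims a document or image. The attachment names and byte contents are constructed for the illustration; they are not real files.

```python
"""Attachment triage for disguised executables.

Added example, not from the original article. It checks an e-mail
attachment's claimed name against its real content: a decoy double
extension like ".pdf.exe", or a file named as a document or image that
actually starts with a Windows executable ("MZ") header. The sample
attachments are constructed byte strings, not real files.
"""
import os

EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}

# Leading bytes that identify the real format regardless of the file name.
MAGIC = {
    b"MZ": "windows-executable",
    b"%PDF": "pdf",
    b"\x89PNG": "png",
    b"\xff\xd8\xff": "jpeg",
    b"PK\x03\x04": "zip-or-office",
}

# Constructed attachments: name -> first bytes of content.
SAMPLES = {
    "invoice.pdf": b"%PDF-1.4\n%constructed",
    "invoice.pdf.exe": b"MZ\x90\x00\x03\x00\x00\x00",      # decoy double extension
    "photo.jpg": b"MZ\x90\x00\x03\x00\x00\x00",            # executable renamed as image
    "setup.exe": b"MZ\x90\x00\x03\x00\x00\x00",            # honest executable, not disguised
}


def sniff(content):
    """Return the format implied by the leading bytes, or 'unknown'."""
    for prefix, kind in MAGIC.items():
        if content.startswith(prefix):
            return kind
    return "unknown"


def check_attachment(name, content):
    """Return the list of reasons the attachment looks disguised (empty = none)."""
    reasons = []
    base, last_ext = os.path.splitext(name.lower())
    _, inner_ext = os.path.splitext(base)
    # "report.pdf.exe": the visible part says document, the real extension runs code.
    if last_ext in EXECUTABLE_EXTS and inner_ext in DOCUMENT_EXTS:
        reasons.append(f"double extension {inner_ext}{last_ext}")
    # Name says document/image (or nothing), bytes say executable.
    if sniff(content) == "windows-executable" and last_ext not in EXECUTABLE_EXTS:
        reasons.append(f"executable content behind {last_ext or 'no'} extension")
    return reasons


def triage(samples):
    """Run check_attachment over a {name: content} mapping."""
    return {name: check_attachment(name, content) for name, content in samples.items()}


if __name__ == "__main__":
    for name, reasons in triage(SAMPLES).items():
        print(f"{name}: {'; '.join(reasons) if reasons else 'no disguise detected'}")
```

Note what the check does and does not cover: the icon trick the article mentions lives inside the executable's resources and is not visible from the name or the first bytes, so a mail gateway usually pairs a check like this with a policy that blocks executable attachments outright (the honest `setup.exe` above passes the disguise test but would still be stopped by such a policy).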

Of course, bots target not only personal computers but also smartphones. The known way to turn a smartphone into a bot is to trick the user into installing a malicious program. Smartphone botnets are still few compared to those on personal computers, but they are gradually surfacing.

What kind of damage will occur if a company's server, terminal, or smartphone terminal is infected with a botnet?

A bot carries whatever functions its creator wants. As mentioned above, bots differ in characteristics such as communication method. When classifying bots by characteristics, the easiest division to understand is by attack target.

Bots can be roughly divided into two types: "those that operate within the organization's LAN, on the infected machine and the machines around it," and "those that attack the outside, such as the Internet" (and of course a bot may do both).

Bots targeting corporate networks can steal important information from infected machines. Account information such as IDs and passwords is also targeted. Using those credentials, the bot then accesses servers in the network that hold more important information.

A bot of this type, which sends the information it obtains to the outside, acts as an information spy. In other words, letting a bot into the corporate network can lead to the leakage of sensitive data. Even when the situation is not that serious, an e-mail address book alone reveals who knows whom and how the organization is connected internally. A bot whose purpose is to take over the corporate network and the confidential information in it is, in effect, a small-scale targeted attack.

Can antivirus software take measures against bots?

The answer is both "Yes" and "No." Known bot programs, being a type of malware, can of course be blocked by antivirus software. But from the attacker's point of view, distributing a bot program that is easily blocked means the installation visibly fails (the infection fails) and the purpose is not achieved.

Therefore, attackers respond by producing large numbers of variants modified so that existing antivirus software does not detect them. Bot creation tools make it easy to generate variants that existing signatures do not catch. As a result, new bot programs appear every day.

Bots already on a machine also have an update function that replaces them with new versions to keep evading detection. For this reason, once a machine is infected with a bot, the bot often runs for several months before it is discovered and removed.
