A bot is basically a virtual zombie. It is a computer infected with a virus, operating on a large network of bots called a botnet. You know that annoying spam email that shows up in your inbox advertising cheap drugs? Or that email that says you’ve just won a billion dollars in a lottery you never entered? A botnet is probably responsible for that. In fact, a recent report found that botnets were responsible for over 80% of spam in June 2009, with a large botnet named Cutwail sending about 45% of all spam. Large botnets like Cutwail can have up to 21 million infected computers in the botnet and send over 50 million spam messages a minute. The advantage to using botnets to do your dirty work of sending out mass unsolicited email, is that the email appears to be coming from the infected computer, making it difficult to trace the spam back to the person controlling the botnet. Botnets are also used for Distributed Denial of Service attacks, also known as DDoS’s. A denial of service attack’s objective is to overwhelm the targeted website’s server with fake requests from an army of bots, therefore rendering the website unavailable. An example of some DDoS attacks are the recent attack on Twitter and Facebook. Infected PCs on botnets can be rented for as little as $5 dollars per 1,000 computers, making it easy to get started in internet crime. Botnets are mostly controlled by a hidden IRC channel, but recently someone discovered a Twitter account being used to control a botnet.
So how do botnets amass gigantic networks of 21 million computers? One way computers can get infected by drive-by downloads that exploit vulnerabilities in browsers, (i.e. installing an unknown Java applet or ActiveX control.) Another way computers are infected are Trojan horses, supposedly innocent software like that “free” screensaver that you downloaded, but that really contain a virus that will turn your computer into a bot. Also there are worms, self-replicating viruses that spread over networks by emailing themselves to addresses in your address book. If you don’t run a current anti-virus program and you surf and download programs from the internet, there’s a chance your computer might be a bot.
The number one rule of keeping your computer safe is running a current anti-virus program. Anti-virus programs with a real time guard feature are the best, because if you try to download a file or visit a website that will infect your computer, it will stop the attack before your computer is infected. Also, you may want to install McAfee SiteAdvisor. This browser add-on add safety ratings to your search results and tell you which websites have drive-by exploits or files on them that are viruses.
Botnets now make up a large part of the internet that few people know about, and their number of mindless zombies in their ranks increases every day. If you take steps to protect your computer, you can prevent it from becoming another bot.