Hired Guns for Sale on the Internet?

What do the Russian Mafia, European Crime Syndicates, racketeering, tech-savvy teens and you have in common? The answer is Botnets.


The concept of botnets and DDoS (Distributed Denial of Service) attacks is not exactly pervasive in mainstream media. Arguably, the New Yorker was the first to present an article that well described the drama involved in the use of botnets for purposes of cyberextortion. Botnets are essentially collections of compromised or "zombie" computers running programs that allow centralized control of those computers, usually for nefarious purposes. Thousands or even millions of users across the globe unwittingly become part of some botnet when their computer is compromised via a worm, a Trojan horse or a backdoor and thus assimilated into this tainted network. Some estimate that up to 25% of all computers connected to the internet are members of some botnet, perhaps even the very computer you are reading this article with.


So what is the harm in any of this? A person controlling even a small botnet (say a few thousand nodes) has harnessed serious firepower on the internet. Even a botnet this size is capable of wreaking serious havoc on web sites, data networks or email systems, leading to serious business disruption through denial of service. A denial of service attack simply renders a computer resource useless for its intended users. A good example of this is a web site that gets bombarded by simultaneous illegitimate traffic emanating from the botnet member computers, making it impossible for legitimate users to interact with or view the website. Companies whose revenues are generated by their websites are obviously the most impacted. Many may remember the DDoS attack that overwhelmed Yahoo web servers in 2000. Hundreds of thousands of dollars in advertising revenue were lost during this attack.

One can only imagine the damage that even larger botnets can create. Indeed, botnets of 1.5 million nodes have been discovered. The motivations behind such attacks may once have been mere bragging rights, thrills and the personal edification of "script kiddies". Now we are talking straight economics. Such botnets have been used to take down pornographic and gambling web sites, where the victim has to pay a ransom to the extortionist to stop the attack. Revenues lost to these companies as a result of the attacks could be in the hundreds of thousands per month or more. This gives the criminals plenty of haggling power when arriving at a number to ask for in the ransom note. The money involved in protecting against such attacks will almost always exceed the ransom by a huge factor. At this point, the attackers are simply offering the same old protection racket reminiscent of the 1960s and 1970s in London, where establishments paid money to avoid having their pubs destroyed.

Of course, security companies that are paid to deal with such attacks now have client lists that include mainstream companies in any type of business and of any size. Organized crime groups from all over the globe have brought the use of botnets and extortion to a new level of business, financial and technical sophistication. Botnets are now commodities that are sold, traded and rented. Just about anyone can rent a botnet for an hour, a day or longer, for purposes that range from exacting revenge to personal profit. Such an army of machines has many uses beyond business disruption, however, and is now the preferred method of spamming. Opportunism knows no bounds, and the power of the botnet can even afford anyone the ability to influence financial markets.

It is difficult to thwart such attacks. One way to think of DDOS attacks is to imagine hundreds of thousands of illegitimate people calling company phone lines at the same time to ensure legitimate callers can never get through. Bottom line: when you want to take someone out, you can rent a botnet, Russian or otherwise, point it at anything and take it out.
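The flood described above, many distinct sources all hitting one site in the same instant, is also what makes a DDoS visible to the site's own defenders. The following is an added example, not code from the original article or from NetWatch: it parses web-server access-log lines in the common NCSA format, groups requests into one-second windows, and flags any window whose request count exceeds a threshold, classifying it as a distributed flood (many distinct sources) or a single-source flood. The sample log lines are constructed here using RFC 5737 documentation addresses (192.0.2.x, 198.51.100.x), and the thresholds `max_rps=20` and `distributed_ratio=0.5` are assumed values that a real deployment would tune to its baseline traffic.

```python
import re
from collections import defaultdict
from datetime import datetime

# NCSA common log format; only the client address and timestamp are used here.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (client_ip, timestamp) for a log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), TS_FMT)
    return m.group("ip"), ts


def bucket_by_second(lines):
    """Group requests into one-second windows: {epoch_second: {client_ip: count}}."""
    buckets = defaultdict(lambda: defaultdict(int))
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines rather than crash the monitor
        ip, ts = parsed
        buckets[int(ts.timestamp())][ip] += 1
    return buckets


def find_floods(lines, max_rps=20, distributed_ratio=0.5):
    """Return [(epoch_second, total_requests, distinct_sources, kind)] for every
    one-second window whose request count exceeds max_rps (assumed threshold).
    kind is "distributed" when the share of distinct sources is at least
    distributed_ratio, otherwise "single-source"."""
    alerts = []
    for sec, per_ip in sorted(bucket_by_second(lines).items()):
        total = sum(per_ip.values())
        if total <= max_rps:
            continue
        distinct = len(per_ip)
        kind = "distributed" if distinct / total >= distributed_ratio else "single-source"
        alerts.append((sec, total, distinct, kind))
    return alerts


# ---- constructed sample log (not real traffic) ---------------------------
def _line(ip, second, path="/index.html"):
    return f'{ip} - - [10/Oct/2007:13:55:{second:02d} +0000] "GET {path} HTTP/1.1" 200 2326'


SAMPLE_LOG = []
for sec in range(0, 3):                       # seconds 0-2: normal traffic, 3 rps
    for ip in ("192.0.2.10", "192.0.2.11", "192.0.2.12"):
        SAMPLE_LOG.append(_line(ip, sec))
for i in range(40):                           # second 3: 40 requests from 40 sources
    SAMPLE_LOG.append(_line(f"198.51.100.{i + 1}", 3))
for _ in range(30):                           # second 4: 30 requests from one source
    SAMPLE_LOG.append(_line("192.0.2.99", 4))
for ip in ("192.0.2.10", "192.0.2.11"):       # second 5: back to normal
    SAMPLE_LOG.append(_line(ip, 5))
SAMPLE_LOG.append("this line is garbage and should be skipped")


if __name__ == "__main__":
    for sec, total, distinct, kind in find_floods(SAMPLE_LOG):
        print(f"second {sec}: {total} requests from {distinct} sources -> {kind} flood")
```

Run against the constructed log, the monitor reports second 3 as a distributed flood (40 requests, 40 sources) and second 4 as a single-source flood (30 requests, 1 source), while the quiet seconds produce no alert. The distinction matters for response: a single-source flood can be rate-limited or blocked at one address, whereas a distributed one, the botnet case, has no single address to block and has to be absorbed upstream.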

Botnet Proliferation

Botnets are growing in size and power. More computers are being compromised and herded every day. Additionally, the increasing bandwidth available to each of the members or "soldiers" only serves to leverage the firepower of the army. How are machines infected? There are a myriad of ways a machine can be compromised and swept into a botnet. Most people will never know they are infected with the malware, as the intent is to keep a "low profile", unlike other viruses, worms and malware that delete files or render machines useless. The program running on the machine must keep itself under the radar by escaping detection by anti-malware programs. Such programs do pick up the infections, yet many botnets thrive by using variants of the original malware, thus avoiding detection and keeping their membership base high. Additionally, users may not even experience slowed system performance until their machine is "drafted" and called into action for the intended purpose. Servers and virtual servers are certainly no exception; even government military servers have become soldiers in botnet armies.

Storm

Just how large can these botnets become? Beginning in September, a botnet called Storm was considered by many to be the largest botnet in the world. Estimates of its size ranged from 1 to 500 million nodes. Such variation in estimates illustrates the difficulty of obtaining accurate numbers. Even if the more conservative estimates are true, however, Storm could have the resources to potentially knock an entire country off the internet. There is much talk about the Storm botnet diminishing in size, but many say this is a manifestation of the economic incentive to decentralize the operations and break the botnet into smaller chunks, where the street value is higher. These smaller botnets can then be leased or sold to other operators who only need smaller armies. Most troubling is that a botnet that has only been growing since January has been able to achieve such a massive size. Whether or not Storm itself or its variants become an internet apocalypse remains to be seen.

© 2007 NetWatch, Inc.