'Bot' is the common term used to describe a computer that can be remotely accessed and controlled in conjunction with thousands of other computers that have been compromised in the same fashion. Bots are created with malware that allows an individual unauthorized, remote access to a networked computer. This type of malware is known as a backdoor.
A backdoor does more than permit someone to remotely log into your machine. It usually allows the intruder to log in with the highest level of privileges available to a user (admin or root). This gives the intruder the ability to install additional software on your computer (spyware, more malware) and instruct it to perform certain tasks, such as sending out spam, hosting and distributing copyrighted materials, serving as a counterfeit web site in a phishing scam, or participating in a Distributed Denial of Service (DDoS) attack.
How does a system become a bot? Either the machine is not properly patched, which permits an intruder to exploit a vulnerability, or the owner of the machine is tricked into installing the malware that gives the intruder access. This can be done by sending an email or IM with a malicious attachment or link that takes the unsuspecting user to a web site that installs the malware. One of the most common vulnerabilities exploited by Bot Masters is weak or non-existent passwords on the computer's local accounts, particularly the admin account.
A bot is of no value to a Bot Master if it is discovered, so hackers try to design this software to be as unobtrusive and surreptitious as possible. Ideally, the victim never realizes that their machine has been "botted."
Bot Master(s):
The Bot Master or Bot Herder is the person who creates and controls one or more Botnets. For an excellent discussion on the activities and methods of a bot master, please see this article that was published in the Washington Post on 2/19/06: Invasion of the Computer Snatchers. Bot Masters can make good money at what they do. Some estimates run as high as six figures annually. That's more than enough motivation to hack into your machine.
BotNets:
Bots operate in herds or nets. How big can a herd get? In January 2006, when Jeanson James Ancheta of California was arrested on computer felony charges, he was controlling a botnet of over 400,000 machines. Security giant McAfee detected 28,000 distinct bot networks active in 2005, more than triple the number in 2004. The worldwide infection rate is estimated at 7%, or 47 million of the 681 million PCs connected to the Internet. Bots and botnets are the single most important tool used today by cyber criminals.
The value of a botnet lies in its size, distribution, and the relative ease with which it can be controlled despite the large number of machines involved and their disparate locations. Botnets are rented out to individuals for specific tasks. One common use of botnets is a Distributed Denial of Service attack followed by an extortion demand. A botnet is engaged to generate huge volumes of network traffic that is directed at a target site. The criminals who hired the botnet demand payment from the victim in exchange for calling off the attack. The traffic flow is so large that the target is threatened with being shut down, leading to a loss of business or intersite operations. Many victims have no other recourse and quietly agree to the payment demands.
All in all, botnets are responsible for the majority of annoying, malicious, and criminal activity seen on the Internet. That is why it is so important to keep your computer from running with a herd!