Dangerous botnets, and what is known about them. Examples of threats.

Lord777

Have you ever heard of the concept of a botnet? If not, there is nothing strange about that; for an ordinary Internet user this is normal, and it is precisely what cybercriminals intend. Botnets bring nothing but trouble, so it is best never to encounter them at all.

Using every illegal means available, their developers manage to hide their activities for decades, earn money from them and do great damage to society.
According to Vint Cerf, the creator of the TCP/IP protocol, about a quarter of the 600 million computers connected to the Internet around the world may be in botnets. In India they make up a record number of about 2 million.
In this review we will try to shed light on the best-known and most dangerous malware of this kind. We will describe the main types, show with examples how much damage they cause, and explain how to protect yourself from them.

What is it

A botnet is a network of Internet-connected devices, each of which is infected with malware and controlled by a botmaster.
The first botnets began to appear in the 2000s, and their number has grown rapidly every year, and not without reason: this is a lucrative, and therefore attractive, business for hackers. Such malicious networks are used in many areas of activity where there is Internet access.
How it happens: a bot that is already part of a botnet attacks an unprotected device or site and then controls it for its own purposes. This expands the network and creates a new source of attacks. The device can be a personal computer running any OS, a corporate website, or even your brand-new smart vacuum cleaner or kettle.
Botnets are created and used for extortion, theft of personal data, cryptocurrency mining, and draining advertising budgets (automated ad click fraud).
A bot itself is not a virus. It is software, or rather a toolkit that consists, or may consist, of virus programs, tools for breaking into the OS and firewalls, and software for intercepting information or remotely controlling the device.
Owners of infected devices may not even know that their computer or kettle is already part of a botnet. Fortunately, anti-virus and cybersecurity software developers, banks, and services such as BotFaqtor track them down and develop protective software. And although various organizations manage to reduce their spread, the fight against them has long since turned into a game of cat and mouse: scammers find loopholes and get around the protection.

How botnets work

They don't appear overnight. To build an entire network, the criminals need to reach as many victims' computers as possible and turn them into zombies or slaves. To become part of a botnet, a computer is deliberately infected with malware.
There are many effective ways to infect a computer, and hackers keep coming up with more ways to spread malware. The most popular are sending out emails with a dangerous payload and getting onto the device through vulnerabilities in legitimate software. The user may be unaware of this uninvited guest until the implant is detected by the antivirus. The sad thing is that most new networks go unnoticed for a long time.
Fact: Europol, the FBI and the UK's National Crime Agency took part in the operation to uncover the network and stop the spread of the Emotet botnet, a member of the Trojan family. It was created in 2014 and penetrated the Windows PCs of various organizations through phishing emails that included a Word document with a link to download malware.
When the bot herder (also called the botmaster) has enough devices in the network, it proceeds to manage them remotely.

Who manages them

Botnets are managed by groups of people or by a single person. The botmaster sends special commands to individual devices telling them what to do. These commands can include anything from visiting a website and executing a piece of code to infecting another device on the network.
Botnets are often rented out to other cybercriminals to perform more resource-intensive tasks.
Most interestingly, it is very difficult to identify botmasters, and many of them remain anonymous forever. Hackers are adept at hiding their identities.

Kinds

Now let's find out why anyone would want to run an army of computers at all. What are all these botnets for? They are in high demand among cybercriminals around the world: instead of a single computer doing all the work, the criminal uses a whole network of devices located in different parts of the world, so the activity is less likely to be detected.
Each newly recruited bot has its own IP address, which makes it difficult to find and block the master. Because these addresses are constantly changing, security software has to fight the incoming malicious traffic continuously.

DDoS

Botnets are widely used for DDoS attacks (Distributed Denial of Service). This is the most popular use.
This type of attack is used to "kill" a competitor's site or an entire server. Sites may remain unavailable for a long time, and the business suffers serious losses as a result.
Naturally, this is not done for altruistic reasons. The botnet operators charge by the second: for example, a DDoS attack lasting 10,800 seconds will cost the customer about $20 per hour.
But it is not always a direct order. Hackers often blackmail business owners and impose their own conditions on them; if the owners do not agree and do not pay, the criminals launch the attack.
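The distributed nature described above is what makes botnet-driven DDoS hard to block by source address. The following Python script is an added example, not code from the original post or from any product mentioned in it; it runs over constructed access-log lines (the timestamps and addresses are made up) and shows why a per-client request limit catches a flood from one machine but not a flood spread over hundreds of bots, where only the aggregate request rate and the jump in distinct client addresses give it away. The three thresholds are assumed values.

```python
"""Tell a single-source flood from a distributed (botnet) flood in a web access log."""
from collections import Counter, defaultdict
from datetime import datetime

# Assumed thresholds for this example; tune them to the site's real capacity.
PER_IP_LIMIT = 50       # requests per second one client may send before it is an offender
AGGREGATE_LIMIT = 200   # requests per second the site can absorb in total
UNIQUE_SRC_LIMIT = 100  # distinct clients per second beyond which a spike is suspicious


def _constructed_log():
    """Constructed sample lines of the form "ISO-timestamp client-ip path"; not real traffic."""
    lines = []
    # second 0: normal traffic from five distinct visitors
    for i in range(5):
        lines.append(f"2024-01-01T10:00:00 198.51.100.{i} /index.html")
    # second 1: one client sends 300 requests (single-source flood)
    for _ in range(300):
        lines.append("2024-01-01T10:00:01 203.0.113.7 /index.html")
    # second 2: 300 bots each send one request (distributed flood)
    for i in range(300):
        lines.append(f"2024-01-01T10:00:02 10.0.{i // 256}.{i % 256} /index.html")
    return lines


SAMPLE_LOG = _constructed_log()


def bucket_by_second(lines):
    """Return {second: Counter(ip -> requests)} for the given log lines."""
    buckets = defaultdict(Counter)
    for line in lines:
        ts, ip, _path = line.split(" ", 2)
        buckets[datetime.fromisoformat(ts)][ip] += 1
    return buckets


def classify(counter):
    """Classify one second of traffic and list the clients a per-IP rule would block."""
    total = sum(counter.values())
    offenders = [ip for ip, n in counter.items() if n > PER_IP_LIMIT]
    if offenders:
        return "single-source flood", offenders
    # No client crossed the per-IP limit, yet the site is over capacity and the
    # number of distinct clients jumped: the traffic is spread across a botnet.
    if total > AGGREGATE_LIMIT and len(counter) > UNIQUE_SRC_LIMIT:
        return "distributed flood", []
    return "normal", []


def analyse(lines):
    """Map each second (ISO string) to its (verdict, blockable IPs) pair."""
    return {sec.isoformat(): classify(c) for sec, c in sorted(bucket_by_second(lines).items())}


if __name__ == "__main__":
    for second, (verdict, offenders) in analyse(SAMPLE_LOG).items():
        print(second, verdict, offenders or "no single client to block")
```

The point of the third second is that every bot stays under the per-client limit, so a firewall rule keyed on source address has nothing to block; the defender has to look at total load and at how many new sources appeared at once, which is what commercial DDoS protection does at scale.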

Mining Botnet

In 2009, when Bitcoin was first created, the whole world rushed to generate the new cryptocurrency. But to speed up the process and earn as much as possible, one computer is not enough. So mining through botnets appeared: parasitizing on someone else's device, or rather on the resources of its video card, to obtain computing power and generate digital money.
You may start to notice that the load on your computer has increased dramatically: there is not enough memory for ordinary programs and operations, and the computer roars like a jet plane. Most likely your video card is, paradoxically, no longer yours: the bot is firmly embedded in the device and eats up its power, burning out the video card.
There are many such botnets for building mining farms. Looking at the price of one bitcoin, you can conclude that they are quite widely used.

Click fraud

Every digital device (computer, tablet or mobile phone) leaves its own digital footprint, which means it can be used to click on ads. Each click on an ad costs the advertiser money, so by using botnets for click fraud, fraudsters can drain an advertiser's budget by thousands every month.
Compare the number of clicks with the number of orders and with the time spent on the page, and pay attention to how most visitors behave: you may notice signs of robotic page scrolling and identical navigation paths. Most likely your budget is simply being drained by bots; someone makes money on it, and you only lose. If you use Yandex.Direct, for example, you can enable click-fraud protection on it: fake clicks are blocked by special bot-detection algorithms, and bids are adjusted in your favor.
Another use of such bots is to register one's own sites in Google AdSense and click the ads on them. Why? Because for every user click on an ad, the owner of the partner site receives a commission. Imagine how much a fraudster with a whole network at his disposal can earn this way. He is in the black, and the advertisers are in the red.
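The checks suggested above (clicks against orders, time on page, identical behavior) can be automated over an ad-click export. The script below is an added example, not the original post's code and not BotFaqtor's or Yandex.Direct's algorithm; it parses a constructed CSV click log (every row is made up) and flags sources whose clicks never convert and look identical on every visit. The column names and the two thresholds are assumptions for the example.

```python
"""Spot click-fraud traffic in an ad click log by comparing clicks with orders and on-page behavior."""
import csv
from collections import defaultdict
from io import StringIO

# Constructed sample click log (not data from the original post).
# Columns: timestamp, client ip, seconds spent on the landing page,
# scroll depth in percent, whether the visit ended in an order.
SAMPLE_CLICKS = "ts,ip,time_on_page_s,scroll_pct,ordered\n" + "\n".join(
    ["2024-03-01T09:00:00,198.51.100.1,45.2,80,1",
     "2024-03-01T09:01:10,198.51.100.2,12.0,35,0",
     "2024-03-01T09:02:30,198.51.100.1,120.5,100,0",
     "2024-03-01T09:03:00,198.51.100.3,33.3,60,1"]
    # a bot source: 20 clicks, each leaving the page after 0.4 s, never ordering
    + [f"2024-03-01T09:{5 + i:02d}:00,203.0.113.9,0.4,100,0" for i in range(20)]
    # a slower bot: 8 clicks with exactly the same timing and scroll depth every time
    + [f"2024-03-01T09:{30 + i:02d}:00,203.0.113.10,3.1,100,0" for i in range(8)]
)

# Assumed thresholds; a real deployment would calibrate them per campaign.
MIN_CLICKS = 5          # ignore sources with fewer clicks than this
MIN_TIME_ON_PAGE = 2.0  # seconds; humans rarely leave faster than this


def summarise(csv_text):
    """Per-source click count, orders, mean time on page and number of distinct behaviors."""
    per_ip = defaultdict(lambda: {"clicks": 0, "orders": 0, "total_time": 0.0, "patterns": set()})
    for row in csv.DictReader(StringIO(csv_text)):
        s = per_ip[row["ip"]]
        s["clicks"] += 1
        s["orders"] += int(row["ordered"])
        s["total_time"] += float(row["time_on_page_s"])
        # a (time on page, scroll depth) pair is one observed behavior
        s["patterns"].add((row["time_on_page_s"], row["scroll_pct"]))
    return {ip: {"clicks": s["clicks"], "orders": s["orders"],
                 "avg_time": s["total_time"] / s["clicks"],
                 "distinct_patterns": len(s["patterns"])}
            for ip, s in per_ip.items()}


def click_to_order_ratio(csv_text):
    """Overall clicks per order across the whole log (inf if nothing converted)."""
    stats = summarise(csv_text).values()
    clicks = sum(s["clicks"] for s in stats)
    orders = sum(s["orders"] for s in stats)
    return clicks / orders if orders else float("inf")


def suspicious_sources(csv_text):
    """Return {ip: [reasons]} for sources that behave like click bots."""
    flagged = {}
    for ip, s in summarise(csv_text).items():
        reasons = []
        if s["clicks"] >= MIN_CLICKS and s["orders"] == 0 and s["avg_time"] < MIN_TIME_ON_PAGE:
            reasons.append("many clicks, no orders, near-zero time on page")
        if s["clicks"] >= MIN_CLICKS and s["distinct_patterns"] == 1:
            reasons.append("identical time-on-page and scroll depth on every click")
        if reasons:
            flagged[ip] = reasons
    return flagged


if __name__ == "__main__":
    print("clicks per order:", click_to_order_ratio(SAMPLE_CLICKS))
    for ip, reasons in suspicious_sources(SAMPLE_CLICKS).items():
        print(ip, "->", "; ".join(reasons))
```

Real bots rotate addresses, so in practice the same summary is keyed on a combination of address, user agent and session fingerprint rather than on the IP alone; the logic of the two flags stays the same.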

Email spam

Many of us have experienced email spam. One day you are offered 5000 bitcoins for free, the next you have won a million, then your intimate photos have supposedly ended up on "one of the devices" and will be posted online if you do not pay. All of these come from spam botnets.
How spam filtering works: you receive such a message from one of the mail servers, mark it as "spam", and it is moved to a special folder. From then on, all unsolicited emails from that mail server go to this folder by default.
But if a fraudster has a lot of unique IP addresses at his disposal, mass mailing becomes more successful: most of the emails are simply not blacklisted, they are opened by unsuspecting recipients and infect their computers.
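The spam-folder rule and its weakness against many sending addresses can be shown in a small simulation. The Python below is an added example, not code from the original post or from any mail provider; it models a mailbox that learns a server blocklist from the user's "spam" marks, shows that a campaign spread over 20 distinct sending addresses mostly lands in the inbox, and adds a content-fingerprint rule (an assumed, simplified mechanism) that catches repeated message bodies regardless of the sending address. The scam text and addresses are constructed.

```python
"""Simulate a sender-blocklist spam filter against single-server and distributed campaigns."""
import hashlib
from dataclasses import dataclass, field


@dataclass
class Message:
    sender_ip: str
    subject: str
    body: str


@dataclass
class Mailbox:
    # assumed, simplified filter: a blocklist of sending servers learned from user marks,
    # optionally extended with fingerprints of bodies the user has already marked as spam
    use_content_rule: bool = False
    blocked_servers: set = field(default_factory=set)
    seen_spam_bodies: set = field(default_factory=set)
    inbox: list = field(default_factory=list)
    spam: list = field(default_factory=list)

    @staticmethod
    def _fingerprint(msg):
        return hashlib.sha256(msg.body.encode()).hexdigest()

    def receive(self, msg):
        """Route an incoming message; returns the folder it landed in."""
        if msg.sender_ip in self.blocked_servers:
            self.spam.append(msg)
            return "spam"
        if self.use_content_rule and self._fingerprint(msg) in self.seen_spam_bodies:
            self.spam.append(msg)
            return "spam"
        self.inbox.append(msg)
        return "inbox"

    def mark_spam(self, msg):
        """User action: block the sending server and remember the body fingerprint."""
        self.blocked_servers.add(msg.sender_ip)
        self.seen_spam_bodies.add(self._fingerprint(msg))
        if msg in self.inbox:
            self.inbox.remove(msg)
            self.spam.append(msg)


# Constructed scam text in the spirit of the examples above; not a real message.
SCAM_BODY = "You have won 5000 bitcoins. Open the attachment to claim your prize."


def campaign(server_ips, count):
    """Build a mailing of identical messages rotated across the given sending servers."""
    return [Message(server_ips[i % len(server_ips)], "Congratulations", SCAM_BODY)
            for i in range(count)]


def simulate(mailbox, messages):
    """Deliver a campaign; the user marks the first message that reaches the inbox as spam.
    Returns how many messages are still sitting in the inbox afterwards."""
    marked = False
    for msg in messages:
        if mailbox.receive(msg) == "inbox" and not marked:
            mailbox.mark_spam(msg)
            marked = True
    return len(mailbox.inbox)


if __name__ == "__main__":
    one_server = ["203.0.113.5"]
    many_servers = [f"203.0.113.{i}" for i in range(20)]
    print("one server, blocklist only:   ", simulate(Mailbox(), campaign(one_server, 20)))
    print("20 servers, blocklist only:   ", simulate(Mailbox(), campaign(many_servers, 20)))
    print("20 servers, plus content rule:", simulate(Mailbox(use_content_rule=True), campaign(many_servers, 20)))
```

With a single sending server, one "spam" mark is enough to divert the remaining 19 messages; with 20 distinct senders the same blocklist stops nothing after the first mark, which is exactly the advantage a botnet gives the spammer, and only a rule that looks at the message itself closes the gap.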

Examples of the most famous botnets in the world

Below are the most extensive criminal botnets that have caused, or are still causing, great damage both to commercial companies and to ordinary citizens in countries around the world. Whether a given network is currently active is not stated here, since variants of it may evolve and change names and directions. Even if one was shut down, there is no guarantee that a new one based on it will not appear tomorrow.

Mirai

  • Brief description: compromise of Internet of Things devices through identical default credentials on the administrator account
  • Family: Worms
  • Who's at Risk: Smart Home Devices (IoT)
  • Application: DDoS attacks
  • Damage: ~ $ 100 million
Mirai is a botnet developed by students as a tool for conducting DDoS attacks. Smart household devices were chosen as the zombies. Its operators found a vulnerability in access to the administrator account on these devices: the same username and password were set by default, and the set of combinations to try was small.
In 2016, hackers used thermostats, refrigerators and toasters for one of the largest DDoS attacks, carried out with Mirai.
Its most famous attacks were on the website of journalist Brian Krebs, who had just published an article about making money from such networks, and on Dyn DNS, a DNS operator in the United States.
In 2017, one of Mirai's operators, Daniel Kaye (aka BestBuy), was caught and convicted, first in Germany, where he received a suspended sentence, and then in the UK, where he received a prison term.

Andromeda

  • Short description: spam botnet with malware; theft of credentials (form grabbing), etc.
  • Family: trojans
  • Who is at risk: any devices
  • Application: multiple uses
The Andromeda network first appeared in 2011, but it is remembered for the largest and most destructive attack of 2016. Users received spam emails in their mailboxes and unknowingly installed malware, infecting their devices with its payload.
The botnet used various distribution methods: phishing campaigns, spam, warez sites and content download sites.
The operation to shut down Andromeda and stop its spread involved the FBI, Interpol, Europol, Eurojust, the Joint Task Force on Combating Cybercrime and several commercial companies. In 2017, a network of 464 separate botnets was dismantled. Its creator was Sergey Yaretz (aka Ar3s), a resident of the Gomel region of Belarus.

ZeuS

  • Short description: This botnet is used to steal payment data in online banking
  • Family: trojans
  • Who is at risk: PC on all versions of Windows
  • Application: theft of funds from bank accounts
  • Damage: more than $ 100 million
It is based on a Trojan that aims to intercept users' passwords for payment systems; the stolen data is then used to steal funds. ZeuS was developed for every possible version of Windows. It can work without loading any drivers, and, most dangerously, a device can become infected even from a guest account.
ZeuS victims were found in 196 countries. Various infection methods were used: email spam, decoy links and, for the first time, social networks.
On Facebook, users were sent spam with photo messages; each message led to malicious sites infected by the botnet.
The program embeds itself in the infected system, steals the login details of an online banking account, and transfers money to the accounts of other, similar victims. This is done to hide the botmaster.
According to analysts, ZeuS is responsible for 90% of all bank fraud cases in the world.

3ve (Eve)

  • Short description: botnet for ad click fraud
  • Family: trojans
  • Who is under threat: advertisers; PCs
  • Application: draining advertising budgets
  • Damage: more than $ 20 million
3ve sent out malware that infected computers. It was distributed via email spam and fake content downloads. As soon as a victim's PC was infected, it was sent commands to click on ads. Since the botnet used its own sites for ad placement through Google AdSense, the botmasters first directed traffic to their own dummy sites, simulating the actions of real users, and in this way built fake ad networks.
3ve could generate about 3 billion fake bid requests on advertising exchanges every day. Its operators had over 60,000 accounts, 10,000 fake sites for displaying ads, and more than 1,000 servers in data centers. They controlled more than one million IP addresses.
Its creators and operators were citizens of Russia and Kazakhstan. The network was exposed, its servers and domains were seized, and the botmasters (not all of them were found) were brought to justice.

Is there any protection against botnets

As you can see, all these malicious networks cause enormous damage, and your business is not protected from it in any way, whether they target your website, your ads or your email address.
There is protection against DDoS attacks (special software that detects bots), but what about ads? They have no such firewall.
The Botfaqtor security service uses special algorithms and analyzes your site's traffic on the basis of 100 technical and behavioral parameters. Bots are blocked, and your money remains safe and sound.

Protecting your budget from scammers

Save up to 30% of your advertising budget! Block click-fraud bot attacks on your advertising in Yandex Direct and Google Ads, and say goodbye to unfair competitors who spoil your statistics. Protect your site's position from SEO optimizers who "drown" your site with behavioral manipulation.
 