Botnets, DDoS and Spammer

Closest to a necromancer in real life!

Botnets & DDoS

A botnet is a large network of compromised computers, and increasingly IoT devices, controlled by a central entity: the botmaster, who issues orders through a C&C (Command and Control) server. The infected machines become "bots" or "zombies" under the remote control of the C&C, which orders them to carry out various (often illegal) activities, while their owners never realize they are part of the "army". The process usually has four steps:

  1. Infection: the criminal, usually using bots that scan the whole internet for vulnerable hosts, infects tons of systems by exploiting a software vulnerability. Massive phishing campaigns that redirect users to malicious websites are common too, or a combination of the two. The rapid expansion of the IoT industry made this easier, because these cheap devices usually lack security but are still connected to the internet.

  2. Establish control: once a device is infected, it automatically connects to the C&C operated by the criminal. This server acts as the central point of communication for the entire botnet; the victims keep reaching out to it for instructions without knowing it, and they become part of a hive mind.

  3. Persistence: botnets can be hard to build, so they are designed to be resilient and persistent, with mechanisms to resist detection and removal, making it very challenging for the average user to eradicate the malware or even realize the device is infected.

  4. Command execution: once the zombies are listening, the criminal operator usually has two options. One is to expand the botnet even further, using mechanisms like Spammer malware to spread the infection and magnify the phishing campaign. The other, once there are enough zombies, is to use them for malicious activities, the principal one always being DDoS attacks, where all the zombies send a flood of requests to a web server until it becomes saturated and can no longer serve real users. Imagine thousands of users trying to reach a server at the same time, in a frenzy, non-stop, for days. Then the criminal sends an email to the company demanding a ransom in cryptocurrency to stop the attack. DDoS attacks can also be driven by political or hacktivist causes.
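The two behaviours described in steps 2 and 4 leave recognisable traces in ordinary logs: a zombie checks in with its C&C at a near-constant interval, and a flood shows up as a request count far above normal coming from many distinct sources. The following Python is an added example for this page, not code from the original author; the addresses, timestamps and thresholds are constructed sample data and assumptions, and it runs offline over the embedded log lines.

```python
"""Added example (not part of the original page): two simple defender-side
detections for the botnet behaviour described above, run over constructed
sample logs.

  1. C&C beaconing: an infected host reconnects to its C&C on a schedule, so the
     gaps between its connections to one destination are unusually regular.
  2. HTTP flood: many hosts hit the same server far above its normal rate, so a
     fixed time window holds far more requests, from far more sources, than usual.

Every host name, address and threshold below is a made-up assumption.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

EPOCH = datetime(1970, 1, 1)

# Constructed outbound-connection log: "<ISO time> <src> -> <dst>:<port>".
# 10.0.0.7 checks in every ~5 minutes (beacon); 10.0.0.8 browses irregularly.
CONN_LOG = """
2024-03-01T10:00:00 10.0.0.7 -> 203.0.113.9:443
2024-03-01T10:05:01 10.0.0.7 -> 203.0.113.9:443
2024-03-01T10:10:00 10.0.0.7 -> 203.0.113.9:443
2024-03-01T10:14:59 10.0.0.7 -> 203.0.113.9:443
2024-03-01T10:20:00 10.0.0.7 -> 203.0.113.9:443
2024-03-01T10:25:01 10.0.0.7 -> 203.0.113.9:443
2024-03-01T10:00:12 10.0.0.8 -> 198.51.100.20:443
2024-03-01T10:00:40 10.0.0.8 -> 198.51.100.20:443
2024-03-01T10:07:03 10.0.0.8 -> 198.51.100.20:443
2024-03-01T10:31:55 10.0.0.8 -> 198.51.100.20:443
2024-03-01T10:32:02 10.0.0.8 -> 198.51.100.20:443
2024-03-01T11:12:00 10.0.0.8 -> 198.51.100.20:443
""".strip().splitlines()


def _seconds(iso: str) -> float:
    """Seconds since a fixed epoch for a naive ISO timestamp (avoids local tz)."""
    return (datetime.fromisoformat(iso) - EPOCH).total_seconds()


def detect_beaconing(lines, min_events: int = 5, max_cv: float = 0.1):
    """Return {(src, dst): mean_interval_seconds} for pairs whose connection
    intervals are regular: at least `min_events` connections and a coefficient
    of variation (stdev / mean of the gaps) at or below `max_cv`."""
    times = defaultdict(list)
    for line in lines:
        when, src, _arrow, dst = line.split()
        times[(src, dst)].append(_seconds(when))
    hits = {}
    for pair, ts in times.items():
        if len(ts) < min_events:
            continue
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            hits[pair] = avg
    return hits


def build_access_log():
    """Constructed web-server access log: light normal traffic from two clients,
    then a 10-second burst of 40 requests from 40 distinct zombie addresses."""
    lines = [f"2024-03-01T12:00:{i * 2:02d} 192.0.2.{1 + i % 2} GET /index.html"
             for i in range(10)]
    lines += [f"2024-03-01T12:01:{i % 10:02d} 198.51.100.{i + 1} GET /"
              for i in range(40)]
    return lines


def detect_flood(lines, window_seconds: int = 10, threshold: int = 20):
    """Bucket requests into fixed windows and return (window_start_iso,
    request_count, distinct_sources) for every window over `threshold`.
    A high count with many distinct sources is the distributed signature."""
    counts = defaultdict(int)
    sources = defaultdict(set)
    for line in lines:
        when, src, _method, _path = line.split()
        bucket = int(_seconds(when) // window_seconds) * window_seconds
        counts[bucket] += 1
        sources[bucket].add(src)
    return [((EPOCH + timedelta(seconds=b)).isoformat(), counts[b], len(sources[b]))
            for b in sorted(counts) if counts[b] > threshold]


if __name__ == "__main__":
    for (src, dst), interval in detect_beaconing(CONN_LOG).items():
        print(f"possible beacon: {src} -> {dst} every ~{interval:.0f}s")
    for start, count, distinct in detect_flood(build_access_log()):
        print(f"flood window {start}: {count} requests from {distinct} sources")
```

The beacon check deliberately tolerates a little jitter (real implants add some), and the flood check reports the number of distinct sources so that a single misbehaving client is not confused with a distributed attack; both thresholds would be tuned against a baseline of the network's own normal traffic.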

Spammer

Malware, usually bundled with another piece of malware, that turns an infected machine into a spam-launching zombie, using its contacts to spread the infection. Have you ever had a friend send you a shady link while talking strangely, only to post later that day "Sorry I was hacked, nobody click the link I sent you!"? That's an already infected victim acting as a zombie and working through its friends list. It's closely tied to phishing, which is the main vector for malware to enter a system nowadays, and a spammer can amplify a phishing campaign to giant proportions.
