How a botnet works:
1. A botnet operator sends out viruses or worms, infecting ordinary users’ computers; the payload is a malicious application, the bot.
2. The bot on the infected PC logs into a particular command and control (C&C) server (often an IRC server, but in some cases a web server).
3. A spammer purchases access to the botnet from the operator.
4. The spammer sends instructions via the IRC server to the infected PCs, causing them to send out spam messages to mail servers.
(Photo credit: Wikipedia)
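As an added example (not code from the original post), here is a small detection routine that looks for the spam-bot pattern described above in connection records: an internal host that first holds a session to an IRC-style C&C port and afterwards fans out SMTP connections to many different mail servers. The flow records are constructed, and the log format (ts src dst dport), the port choices and the threshold are assumptions.

```python
# Flag hosts that first talk to an IRC-style C&C port and then open SMTP
# sessions to many distinct mail servers (the spam-bot behaviour above).
from collections import defaultdict

IRC_PORTS = {6667, 6697}   # assumed C&C ports (classic IRC / IRC-over-TLS)
SMTP_PORT = 25
MIN_MAIL_SERVERS = 5       # assumed threshold: distinct mail servers before flagging

# Constructed flow log: "timestamp source destination destination_port".
# 10.0.0.5 logs into C&C, then hits 5 mail servers -> should be flagged.
# 10.0.0.9 logs into C&C but only contacts one mail server -> not flagged.
# 10.0.0.20 sends mail but never touched a C&C port -> not flagged.
FLOW_LOG = """\
1000 10.0.0.5 203.0.113.7 6667
1001 10.0.0.5 198.51.100.10 25
1002 10.0.0.5 198.51.100.11 25
1003 10.0.0.5 198.51.100.12 25
1004 10.0.0.5 198.51.100.13 25
1005 10.0.0.5 198.51.100.14 25
1006 10.0.0.9 203.0.113.7 6667
1007 10.0.0.9 198.51.100.10 25
1008 10.0.0.20 192.0.2.25 25
1009 10.0.0.20 192.0.2.26 25
"""

def parse_flows(text):
    """Parse 'ts src dst dport' lines into tuples; skip blank or malformed lines."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, src, dst, dport = parts
        flows.append((int(ts), src, dst, int(dport)))
    return flows

def find_spam_bots(flows, min_mail_servers=MIN_MAIL_SERVERS):
    """Return {src: (c2_host, [mail servers])} for hosts that reach an IRC port
    and later open SMTP to at least min_mail_servers distinct destinations."""
    first_c2 = {}             # src -> (ts, c2 host) of the earliest IRC flow
    mail = defaultdict(set)   # src -> SMTP destinations seen after the C&C login
    for ts, src, dst, dport in sorted(flows):   # sorted by timestamp
        if dport in IRC_PORTS and src not in first_c2:
            first_c2[src] = (ts, dst)
        elif dport == SMTP_PORT and src in first_c2 and ts > first_c2[src][0]:
            mail[src].add(dst)
    return {src: (first_c2[src][1], sorted(dsts))
            for src, dsts in mail.items() if len(dsts) >= min_mail_servers}

if __name__ == "__main__":
    for host, (c2, servers) in find_spam_bots(parse_flows(FLOW_LOG)).items():
        print(f"{host}: C&C {c2}, then SMTP to {len(servers)} mail servers")
```

SMTP traffic that precedes the C&C login is deliberately ignored, so a legitimate mail relay that happens to reach an IRC port later is not flagged on its earlier mail.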
If you have not heard of any of these, it is not surprising, but they are beginning to affect everyone's daily life. All of these have been purchasable in the past, but never at the scale being exposed today. The advent of the cloud and the proliferation of the internet around the world have brought about a new level of willing hacker. They have also made it possible to launch DDoS attacks that are larger than, and as complex as, the most complex systems in the world.
I recently did an example of an attack that launched 2000 different servers in a matter of minutes to completely flood a switching network, shutting off the ability to get any communication out. This shut down everything that ran across an IP network, including their PBX switch and their building security. It would only have taken a bit more to have caused their cell phones not to work as well, leaving the building an island ready for a physical attack.
Crimeware is widely used by the criminal underground, which seeks to improve its economy by the easiest means available. The gist: “Criminals have started to use online cybercrime services instead of having to deal themselves with the technical challenges of running their own Crimeware server, installing Crimeware toolkits or compromising legitimate websites,” says Finjan. In other words, it’s point, click and hack (Dignan, 2008).
Cybercrime thieves operate in a market that is sensitive to location and economic trends, so they cannot use a “one-scheme-fits-all” approach. The attacks must be customized for each geographic region and focused on a selected group of users and/or businesses. These attacks are often called “campaigns” and incorporate crimeware toolkits, Trojans and botnets to do their dirty work (Finjan, 2008).