Bot Armies: An Introduction
Botnets, or "bot armies", are large groups of remotely controlled and operated malicious software that can launch multiple penetration attacks and cause massive denial-of-service (DoS) or similar network activity on a grand scale. Infected computers can be used to spread spam, conduct fraudulent activities, and interfere with authorized network traffic. Bot armies pose one of the most serious security threats to all networks.[1] They are controlled and operated by botmasters (also called bot-herders). While their use has so far been limited to extralegal and criminal activity, their potential for causing large-scale damage to the entire Internet is incalculable.
Bot armies first arose with the development of Internet chat, and their capabilities have grown ever since (see Figure 1).[2–5] They are effective because they can both execute multiple overt actions against targets and, alternatively, provide multiple coordinated, covert listening points within targeted networks and computer systems.
Botnet creation requires a few basic steps. Software must be created and propagated to infect targets. A command-and-control system must be set up, together with a mechanism that lets bots check in for further instructions. To facilitate contact after infection, the bot author typically encodes an initial contact domain name into the bot software. To prepare for contact from bots as they become active, a computer, or suite of computers, is set up to run an Internet Relay Chat (IRC) server that provides command and control.
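As an added example (not part of the original article), the following Python detector looks for the rendezvous pattern just described from the defender's side: many internal hosts checking in to the same external IRC server within a short window, and one host returning at a steady interval. The flow records, addresses, ports and thresholds are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed flow log (not captured traffic): "timestamp src dst dport".
# Four internal hosts reach one external IRC server within seconds, and one
# of them keeps checking in every 30 minutes; 192.0.2.44 is a lone IRC user.
FLOWS = """\
2024-01-01T10:00:01 10.0.0.5  198.51.100.7 6667
2024-01-01T10:00:03 10.0.0.9  198.51.100.7 6667
2024-01-01T10:00:07 10.0.0.14 198.51.100.7 6667
2024-01-01T10:00:09 10.0.0.22 198.51.100.7 6667
2024-01-01T10:00:05 10.0.0.31 192.0.2.44   6667
2024-01-01T10:01:00 10.0.0.5  203.0.113.10 443
2024-01-01T10:30:01 10.0.0.5  198.51.100.7 6667
2024-01-01T11:00:01 10.0.0.5  198.51.100.7 6667
"""

IRC_PORTS = {6667, 6697}  # standard plaintext and TLS IRC ports

def parse_flows(text):
    """Parse one record per line into (datetime, src, dst, dport) tuples."""
    records = []
    for line in text.splitlines():
        ts, src, dst, port = line.split()
        records.append((datetime.fromisoformat(ts), src, dst, int(port)))
    return records

def rendezvous_servers(records, min_hosts=3, window_s=60):
    """Return {dst: sorted sources} for each IRC-port destination that at
    least min_hosts distinct internal hosts contacted within window_s seconds.
    A legitimate IRC server used by one or two people stays below threshold."""
    by_dst = defaultdict(list)
    for ts, src, dst, port in records:
        if port in IRC_PORTS:
            by_dst[dst].append((ts, src))
    flagged = {}
    for dst, events in by_dst.items():
        events.sort()
        for i, (t0, _) in enumerate(events):
            hosts = {s for t, s in events[i:] if (t - t0).total_seconds() <= window_s}
            if len(hosts) >= min_hosts:
                flagged[dst] = sorted(hosts)
                break
    return flagged

def checkin_intervals(records, src, dst):
    """Seconds between successive connections from src to dst; a steady
    interval is the periodic check-in for further instructions."""
    times = sorted(t for t, s, d, _ in records if s == src and d == dst)
    return [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]
```

The same grouping logic applies to DNS query logs, where many hosts resolving one otherwise unseen name points at the hardcoded initial contact domain.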