VeriSign White Paper Sample
A botnet is a collection of compromised computers controlled by a bot herder. The most resilient botnets do not depend on a single server for their command and control structure; rather, they use more distributed communication methods and employ recovery techniques so that bots can work with different peers should the bots they had been working with become unavailable.
From a purely disinterested point of view, botnets are highly useful distributed systems. They provide on-demand computing and networking services to the people who control them. They can generate phishing lures and send those lures to millions of email recipients, or launch DoS attacks to disrupt business or government operations. The legitimate business world has an analog of botnets in the form of cloud computing. Cloud services provide (legitimately) on-demand computing resources, storage, and networking for specialized projects or ongoing business operations. Amazon’s S3 storage service and EC2 computing service are probably the best-known examples of cloud services. The reason botnets are popular in cybercrime is the same reason cloud computing is of growing interest to business: little or no capital investment is required, ongoing operational costs are minimized, and you can scale rapidly to meet peak demand without having to maintain peak capacity during less demanding periods.
The resiliency of botnets became clear recently. In a well-publicized counterattack against spammers in November 2008, the Internet service provider (ISP) that had been hosting command and control servers for the 450,000-bot Srizbi botnet cut off service to the bot herder. For several days there was guarded hope that this might put a dent in the amount of spam generated, but that hope was short-lived. The botnet developers had planned for such a contingency, and the bots were able to re-establish communication with new command and control servers.
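The failover behaviour described above (bots losing their known command and control server and reaching out to new ones) is something a defender can look for in DNS telemetry. The following is an added example written for this page, not VeriSign code and not drawn from the Srizbi case: it scans constructed DNS query log lines and flags hosts that, once their lookups of a known command and control domain start failing, begin querying a burst of domains never seen from them before. The log format, the domain names, the `find_failover_hosts` function and the `min_new_domains` threshold are all assumptions made for the illustration.

```python
"""Added example for this page: flag hosts whose DNS lookups shift from a
known, now-failing command-and-control domain to a burst of never-before-seen
domains. Illustrative detection logic, not VeriSign code; the log format,
domain names and threshold are constructed assumptions."""
from collections import defaultdict

# Constructed sample DNS log lines: "timestamp host queried_domain rcode".
# host-a and host-b lose the known C&C domain; host-a then tries three new
# domains, host-b only one, host-c is an ordinary client.
SAMPLE_LOG = """\
1 host-a update.example-cc.invalid NOERROR
2 host-b update.example-cc.invalid NOERROR
3 host-c www.example.org NOERROR
4 host-a update.example-cc.invalid NXDOMAIN
5 host-a q1xk.alt-example.invalid NXDOMAIN
6 host-a m7pz.alt-example.invalid NXDOMAIN
7 host-a r2ww.alt-example.invalid NOERROR
8 host-b update.example-cc.invalid NXDOMAIN
9 host-b q1xk.alt-example.invalid NXDOMAIN
10 host-c www.example.org NOERROR
11 host-c mail.example.org NOERROR
"""


def parse_log(text):
    """Parse the constructed log format into (timestamp, host, domain, rcode)."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, domain, rcode = line.split()
        records.append((int(ts), host, domain, rcode))
    return records


def find_failover_hosts(records, cc_domain, min_new_domains=2):
    """Return {host: [new domains]} for hosts that, after their lookups of
    cc_domain first fail with NXDOMAIN, query at least min_new_domains
    domains they had never queried before (a recovery/failover pattern)."""
    seen = defaultdict(set)        # host -> every domain seen from it so far
    cc_failed_at = {}              # host -> timestamp of first NXDOMAIN for cc_domain
    new_after_fail = defaultdict(set)
    for ts, host, domain, rcode in sorted(records):
        if domain == cc_domain and rcode == "NXDOMAIN" and host not in cc_failed_at:
            cc_failed_at[host] = ts
        elif host in cc_failed_at and domain not in seen[host]:
            # First sighting of this domain from this host, after the C&C loss.
            new_after_fail[host].add(domain)
        seen[host].add(domain)
    return {h: sorted(d) for h, d in new_after_fail.items()
            if len(d) >= min_new_domains}


if __name__ == "__main__":
    hits = find_failover_hosts(parse_log(SAMPLE_LOG), "update.example-cc.invalid")
    for host, domains in hits.items():
        print(f"{host}: possible C&C failover, new domains: {', '.join(domains)}")
```

The threshold matters: a single new domain after a failed lookup is ordinary browsing noise, while several new domains in quick succession from the same host, immediately after a known C&C name stops resolving, is the pattern worth alerting on and correlating across hosts.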