Bots & Botnet - An Overview
Attackers' use of thousands of zombie machines to launch distributed denial-of-service attacks against enterprise and government internet resources is becoming a dangerously common trend. To create this army of zombie internet hosts, attackers typically infect, with remotely controlled trojans, the machines of home users with broadband internet access and the networks maintained by universities and small enterprises. The owners of these machines are typically profiled as users with relatively low internet security awareness and limited resources to defend their internet infrastructure.
Recently, there has been a growing trend of attackers using Internet Relay Chat (IRC) networks to control and manage infected internet hosts. This paper provides an overview of the malicious bot, a remotely controlled trojan that infects internet hosts and is controlled by the attacker via private IRC channels.
The paper gives a brief background on the underlying IP protocol and IRC (RFC 2810), and covers the terms used to explain the operation of bots, the elements involved in malicious bot infection, and the possible uses of bot-infected machines by attackers. It explains how and why an attacker chooses a target system to infect, describes the process by which a malicious bot infects a system and the attacker remotely controls the infected system via IRC channels, lists some known bots and their characteristics, looks at how bots could be used as part of an information warfare strategy, and provides recommendations for home users and system administrators to prevent, detect and respond to malicious bot activity.