Botnet – A Sleeping Bionic Hacker Network
Did you notice your new laptop suddenly slow to the speed of a bullock cart as soon as you got online? Have you ever wondered how, every week, a new email reaches your mailbox trying to sell you male-enhancement drugs? Chances are the workstation you're using is controlled by a rogue bot. Bots are compromised computers controlled by profit-minded crooks. They are responsible for much of the male-enhancement-drug and other such despicable email spam that goes around the net. These emails are spread by a network of thousands of bots, called a botnet. Anyone who clicked on the link is instantly absorbed into the fast-spreading Mega-D botnet, says security firm Marshal. Mega-D enriches its operators mainly by spreading spam for male-enhancement pills. Largely unnoticed by the public, botnets have come to swamp the Internet. On a typical day, 40% of the 800 million computers connected to the Internet. These bots spread email spam, steal sensitive data typed at banking and shopping websites, bombard websites as part of extortionist denial-of-service attacks, and spread fresh infections, says Rick Wesson, CEO of Support Intelligence, a San Francisco-based company that tracks and sells threat data.
To give you an idea of the havoc a botnet can wreak, a well-known bot virus called Storm did something only a tactical operative would think of. First, like any havoc-inducing force, it spread itself as a harmless-looking email with a "deadly storm" subject line and a harmless-looking web link in its body. In fact, the gang that released the email had spent months preparing a strategy for amassing a sprawling, impenetrable botnet designed to self-replicate. Fourteen months later, Storm remains entrenched as the largest, most active botnet clogging the Internet. Storm was the first to make wide use of peer-to-peer, or P2P, communications — the technology that allows one computer to share files with any other computer across the Internet. Bots in a botnet typically receive instructions from a central PC, called the command-and-control server. Authorities are getting better at discovering and shutting down such central servers, so Storm's operators perfected a way to use P2P communications to issue commands from a rotating subset of PCs inside the botnet. As extra protection, Storm became the first botnet to encrypt its instructions.
If you thought that was enough, think again. Then began the pursuit of these bots, to analyze them and trace their hosts: anti-virus firms began to block Storm email, and Microsoft (MSFT) helped clean up Windows PCs infected by Storm. But Storm's operators proved adept at dodging the latest anti-virus filters. Subscribing to the idea that the best defense is an aggressive offense, they also began attacking any researcher who tried to isolate one of their bots. Outsiders detected trying to establish contact with a Storm bot are overwhelmed by an avalanche of nuisance requests launched from the wider botnet. This paralyzed research into the inner workings of this organized, self-sustaining botnet.
Storm endures as the king of botnets, with several hundred thousand infected PCs doing its bidding on any given day. It generates cash mainly by spewing spam urging recipients to buy shares in obscure companies, the linchpin of an array of scams spun off the artificial inflation of the share price. Another tier of smaller, multipurpose botnets springs from widely available toolkits that make it easy for anyone to infect computers, assemble a basic botnet and embark on a criminal career. Dozens of crime rings, for instance, have cropped up to run phishing scams that lure victims into clicking on fake Web pages, where they are tricked into disclosing passwords and other sensitive data. Botnets spread phishing spam, host phishing Web pages and store phished data. Since 2005, phishers have used botnets to take aim at more than 1,750 companies and government agencies, mainly financial institutions, including 106 fresh targets in the fourth quarter of 2007, according to a survey by security data firm Cyveillance. Phishing expeditions are just one of many uses of botnets. Some bots crawl the Internet looking for Web pages that can be corrupted with pop-up ads selling fake antispyware. Others implant programs on popular Web pages to harvest any sensitive personal data typed there by visitors; some repeatedly click on online advertisements to earn fraudulent "click-through" revenue. "Botnets have become the tool of choice for bad guys," says Rick Howard, director of intelligence at VeriSign iDefense. "You take over a box (PC), put it in your botnet and forevermore you own that box and can do whatever you like with it."
If you thought that was all, there is also an invasive collection of botnets known as Zbot, controlled by Russian crime groups going by the online labels UPLEVEL, CAR Group and Glamorous Team. Zbot's operators late last year got away with swiping millions from banks in four nations, says Don Jackson, a senior researcher at SecureWorks who has been monitoring Zbot. "We know that the amount stolen in December, which affected banks in the USA, U.K., Italy and Spain, was just over $6 million," Jackson says. "This is based on sources within the banks and law enforcement that work with us." The scammers enticed bank customers to click on a link purportedly to download an updated digital certificate, the equivalent of a digital ID card. Instead, Zbot installed a program that positioned it to come along for the ride the next time the user successfully accessed the account. Zbot then automatically executed cash transfers to other accounts controlled by its operators — while the victim did his or her online banking. "This scheme is extremely clever and quite ironic, considering that digital certificates are provided by financial institutions to protect online bank users from fraud," Jackson says.
Organized crime groups have only scratched the surface of the criminal capacities of botnets. Meanwhile, law enforcement agencies globally remain hamstrung by a lack of technical expertise, manpower and political resolve to put a dent in the botnet scourge, says Paul Ferguson, senior threat researcher at anti-virus firm Trend Micro. If the story of Storm and Zbot doesn't rattle you, perhaps this will: some tech-savvy criminals hunt for junior-level executives and send them harmless-looking emails carrying a harmless-looking Word file that, when opened, cloaks itself and installs a tool that records incoming and outgoing traffic, while also collecting clues on ways to drill deeper inside the organization's internal network. Such a foothold can give a botnet operator access to more firepower and improved cover, since once a bot makes it inside the company network it can use the company's broadband access to strengthen the botnet and cause further havoc.