FBI Cites Growing Threat of Botnets
In a press release dated June 13, 2007, the FBI described the growing threat of botnets: “A botnet is a collection of compromised computers under the remote command and control of a criminal “botherder.” Most owners of compromised computers are unknowing and unwitting victims. They have unintentionally allowed unauthorized access and use of their computers as a vehicle to facilitate other crimes, such as identity theft, denial of service attacks, phishing, click fraud, and the mass distribution of spam and spyware. Because of their widely distributed capabilities, botnets are a growing threat to national security, the national information infrastructure, and the economy.”
Botnets Used Against Online Merchants
In addition to the FBI’s list of concerns, Kount scientists have been tracking the latest botnet threats to merchants. Botherders are using the army of zombies under their control to defeat existing fraud detection methods by:
- Rendering “machine fingerprinting” useless by using random zombies as anonymous proxies.
- Defeating velocity limits by originating fraudulent orders from numerous machines.
- Adopting hundreds of personas by methodically rotating through stolen emails, cards, zombie machines, proxies, and virtual geographic locations.
Kount Graphical Swarm Analysis™
Kount uses complex mathematical models to visually depict botnet activity.
Our detection methods are unique in the industry. They are highly effective at pinpointing, in real time, orders that originate from a botnet.
Botnet Glossary
- Botnet
- Also known as a zombie network. A collection of compromised computers connected to the Internet that can be controlled remotely by a botmaster.
- Botherder
- See botmaster.
- Botmaster
- A hacker with command and control over a botnet. Usually uses IRC channels to control zombies either individually or as a collective army.
- Bot Roast
- A 2007 FBI sting operation. This coordinated initiative disrupted and dismantled botnets containing about 1 million zombie computers in the US. Read more at http://www.fbi.gov/page2/june07/botnet061307.htm
- Click Fraud
- The act of repeatedly clicking on pay-per-click ads for the purpose of defrauding advertisers and/or earning fraudulent commissions. Botmasters employ botnets to efficiently amass huge click-through commissions in a very short period of time.
- Distributed Denial of Service Attack (DDoS)
- An attack by a botnet that bombards the target website with so many requests that it effectively shuts the site down to legitimate traffic. DDoS attacks are usually accompanied by an extortion demand from the botmaster.
- Honeypot
- A trap set to detect, deflect or in some manner counteract attempts at unauthorized use of information systems and computer networks. Law enforcement officials often use honeypot tactics to learn the identity and location of botmasters.
- Keylogger
- Malicious code installed on a zombie machine that can track keystrokes of the user for purposes of harvesting usernames, passwords, identity data, credit card, or other financial information.
- Pharming
- Similar to phishing. Pharming uses a false web site to fool targets into giving up usernames, passwords, and personal or financial information. Botnets are often used to send spam to unwitting targets to trick them into visiting a pharming web site.
- Phishing
- Impersonating a legitimate institution, such as a bank, for the purpose of harvesting login credentials and personal or account information in order to commit fraud. Phishing is most often committed using spam (often distributed by zombie machines attached to a botnet) containing realistic-looking logos and formats to trick the targeted consumer.
- Spam
- Unsolicited commercial email. Botnets are often used to distribute huge amounts of spam, which appears to the recipient to originate from legitimate domains. Botnets can also be used to harvest email addresses from the infected zombies to be used in future spam campaigns.
- Zombie
- A computer connected to the Internet that has been infected by malicious code which allows it to be controlled by a botmaster.
