
BYOB: Build Your Own Botnet

BYOB: Build Your Own Botnet (PDF, 4.29MB)
Published: 17 Aug, 2011
Created by Francois Begin

Botnets represent a clear and present danger to information systems. They have evolved from simple spam factories to underpinning massive criminal operations. Botnets are involved in credit card and identity theft, various forms of espionage, denial of service attacks and other unsavory by-products of the new digital lifestyle that is prevalent in modern societies and emerging economies. Security professionals at any level cannot ignore this new threat. Having a better understanding of the inner workings of a botnet can lead to more efficient and judicious application of mitigation techniques. While other papers have a tendency to dive deeply into complex bot and botnet code, this paper takes a pedagogical approach rather than a highly technical one. Following a brief historical overview, it presents a simple working example of a botnet dubbed FrankenB implemented in Java and PHP. The implementation includes a command and control infrastructure as well as botnet tracking and reporting capability. The FrankenB bots are also capable of eavesdropping on network traffic, scanning subnets and sending spam. All of these capabilities are demonstrated in this paper. Following this introduction, FrankenB is then used as a backdrop for discussing mitigation techniques and for framing the botnet threat in a more global context.