Attackers' use of thousands of zombie machines to launch distributed denial-of-service attacks against enterprise and government Internet resources is becoming a dangerously common trend. Recently, attackers have increasingly been using Internet Relay Chat (IRC) networks to control and manage infected Internet hosts. This paper provides an overview of the malicious bot, a trojan that infects Internet hosts and is remotely controlled by the attacker via private IRC channels. It gives brief background on the underlying IP protocol and IRC (RFC 2810), and covers the terms used to explain the operation of bots, the elements involved in a malicious bot infection, and the possible uses of bot-infected machines by attackers. It then explains how and why an attacker chooses a target system to infect, describes the process by which a malicious bot infects a system and the attacker remotely controls the infected system via IRC channels, lists some known bots and their characteristics, looks at how bots could be used as part of an information warfare strategy, and provides recommendations for home users and system administrators to prevent, detect, and respond to malicious bot activity.