How botnets are injected
The table below explains various types of botnets and the purpose behind injecting them into a network. The overall purpose behind such an attack is, ultimately, to disrupt computer systems or to steal data. Since a whole army of computer zombies are in action, unfortunately, the crackers can easily and quickly succeed in their evil mission; this is because planting a botnet attack is always a low-risk, high-profit job.
In the early days of the Internet, a botnet code piece was developed to programmatically traverse through multiple websites, and to further gather and collate the contents to create meaningful data. While this method forms the heart of today’s search engines, it was tweaked at some point in the past by crackers to serve their purposes.
Before discussing how botnets are injected, let’s understand why it is done. To make a website famous in a search engine, it is imperative to get lots of Web requests. This is especially true for websites that run advertisements and earn money for every click on a published advertisement. It is now possible to spread botnets across the networks, to access the page and programmatically click one or more advertisements on it. If such a campaign is carefully orchestrated, it is tough to figure out which click is legitimately initiated by a human being, and which one originates from botnet code. The website hosting firm, usually a cracker in such a case, can end up earning lots of money. In another type of attack called phishbots, an email campaign can be started to achieve similar results. This tells us that the effects of botnets go much beyond mere reputation or data loss.
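The click-fraud case above turns on telling human clicks from botnet clicks. The following Python code is an added example, not part of the original article: it scores ad-server events on three signals a defender can check (a click on an ad the client never loaded, an implausible click-to-view ratio, and near-constant gaps between clicks). The event fields, client names and thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample events: (epoch_seconds, client, event, ad_id).
EVENTS = [
    (1000, "human-1", "view", "ad7"), (1042, "human-1", "click", "ad7"),
    (1300, "human-1", "view", "ad9"), (1900, "human-1", "view", "ad7"),
    (2500, "human-1", "view", "ad3"),
    (1000, "bot-a", "view", "ad7"),
    (1010, "bot-a", "click", "ad7"), (1020, "bot-a", "click", "ad7"),
    (1030, "bot-a", "click", "ad7"), (1040, "bot-a", "click", "ad7"),
    (1050, "bot-a", "click", "ad7"),
    (2000, "bot-b", "click", "ad7"), (2600, "bot-b", "click", "ad9"),
]

# Thresholds are illustrative assumptions; tune them against real traffic.
MAX_CTR = 0.5      # clicks per view above this is implausible for a person
MIN_CLICKS = 4     # minimum clicks before click timing is judged
MAX_JITTER = 0.1   # coefficient of variation of gaps below this is machine-like


def is_metronomic(times):
    """True when clicks arrive at near-constant intervals."""
    if len(times) < MIN_CLICKS:
        return False
    gaps = [b - a for a, b in zip(times, times[1:])]
    avg = mean(gaps)
    return avg == 0 or pstdev(gaps) / avg < MAX_JITTER


def score_clients(events):
    """Return {client: sorted reasons} for clients whose clicks look automated."""
    seen, clicks, orphans = defaultdict(list), defaultdict(list), defaultdict(int)
    for ts, client, kind, ad in sorted(events):
        if kind == "view":
            seen[client].append(ad)
        elif kind == "click":
            clicks[client].append(ts)
            if ad not in seen[client]:   # click on an ad this client never loaded
                orphans[client] += 1
    flagged = {}
    for client, times in clicks.items():
        reasons = []
        if orphans[client]:
            reasons.append("click-without-view")
        if len(times) / max(len(seen[client]), 1) > MAX_CTR:
            reasons.append("high-ctr")
        if is_metronomic(times):
            reasons.append("metronomic-timing")
        if reasons:
            flagged[client] = sorted(reasons)
    return flagged


if __name__ == "__main__":
    print(score_clients(EVENTS))
```

No single signal is conclusive, which is why the function reports every reason that fired for a client instead of a yes/no verdict.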
Injecting a botnet is usually a very well-thought-out and strategic approach taken by the cracker. The process usually starts by infecting one or more systems, which are then responsible for replicating the malicious code in other machines, and eventually they cross the boundaries of the network to spread the infection to a wider global arena. In order to infect one system, the attacker needs to rely on multiple methods of intrusion. A very commonly used option is to lure a browser to a website with malicious JavaScript code, or a page written in a low-level scripting language such as Python. This script is merely a bootstrap, which executes and creates a stealth resource space on the machine. The script then connects to one or more Web pages of the same website, which contain the real payload of a botnet. The payload files are then downloaded and kept hidden under a stealth space. This payload contains all the modules explained above, which take control of the machine, and the machine is said to be infected at this point. Enhanced botnets do not require the