Botnets – CompTIA Security+ SY0-401: 3.1

The remote-control of a botnet has the ability to cause significant harm to our computers and our assets. In this video, you’ll learn how botnets work and how one of the largest botnets in history has become very good at taking money out of our bank accounts.


A botnet is a type of malware. The name comes from robot networks, and this is one where your computer has now been infected and you may not even realize it. But behind the scenes, there is a robot living there in your system that is under the control of someone else. A third party can now have your system send spam. A third party can have your system participate in a denial of service. Maybe it’s simply sitting there and sending your private information out to that third party. A lot of different things can happen, and you may have no idea that botnet is on your computer.

It probably got there because there was a Trojan horse, you clicked a link somewhere, maybe it was something in an email. Maybe you thought you were installing an absolutely legitimate program, but unfortunately it was installing a botnet on your computer. Sometimes you don’t even realize it. It may be a worm that takes advantage of a known vulnerability or even an unknown vulnerability with an operating system or with an application, and now the botnet is living on your PC.

The bot’s process is very simple: it sits there and waits for commands to come in. It’s connected to the internet. It checks in with the mothership and sees if there’s anything waiting. It may open up a back door or two and simply go into a listen mode, waiting for directions to come from the mothership. Then that central computer sends instructions down to your computer that say, OK, grab the keystrokes, or participate in the attack, or send this spam, and your computer goes to work and does all of the things that the mothership tells it to do.
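That periodic check-in with the mothership is also what gives defenders a handle on an infected machine. A bot that polls its command-and-control server on a timer produces connections spaced at almost exactly the same interval, which ordinary browsing does not. The script below is an added example, not part of the video or of any real detection product: it parses a handful of constructed proxy log lines (timestamp, source address, destination host; the hostnames are placeholders) and flags source/destination pairs whose inter-arrival times are unusually regular, using the coefficient of variation of the gaps as the score.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample proxy log (not taken from the page): "timestamp src_ip dst_host".
# The first host checks in every five minutes like a bot; the second is browsing noise.
SAMPLE_LOG = """\
2024-03-01T08:00:00 10.0.0.5 c2.example.invalid
2024-03-01T08:05:00 10.0.0.5 c2.example.invalid
2024-03-01T08:10:01 10.0.0.5 c2.example.invalid
2024-03-01T08:14:59 10.0.0.5 c2.example.invalid
2024-03-01T08:20:00 10.0.0.5 c2.example.invalid
2024-03-01T08:25:00 10.0.0.5 c2.example.invalid
2024-03-01T08:00:10 10.0.0.5 news.example.com
2024-03-01T08:00:42 10.0.0.5 news.example.com
2024-03-01T08:07:03 10.0.0.5 news.example.com
2024-03-01T08:31:55 10.0.0.5 news.example.com
2024-03-01T08:32:10 10.0.0.5 news.example.com
2024-03-01T09:10:00 10.0.0.5 news.example.com
"""


def parse_log(text):
    """Group log lines by (src, dst) and return sorted timestamps per pair."""
    conns = defaultdict(list)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines rather than crash on them
        ts, src, dst = parts
        conns[(src, dst)].append(datetime.fromisoformat(ts))
    return {key: sorted(stamps) for key, stamps in conns.items()}


def inter_arrival_gaps(timestamps):
    """Seconds between consecutive connections of one src/dst pair."""
    return [(b - a).total_seconds() for a, b in zip(timestamps, timestamps[1:])]


def beacon_score(gaps):
    """Coefficient of variation (stddev / mean) of the gaps.

    Near 0 means the connections are almost perfectly periodic; None means
    there is not enough data to judge.
    """
    if len(gaps) < 3:
        return None
    avg = mean(gaps)
    if avg == 0:
        return None  # all connections in the same second; not a timer pattern
    return pstdev(gaps) / avg


def find_beacons(text, min_connections=5, max_cv=0.1):
    """Return (src, dst, mean_gap_seconds, cv) for pairs that look like timed check-ins."""
    hits = []
    for (src, dst), stamps in parse_log(text).items():
        if len(stamps) < min_connections:
            continue  # too few connections to call anything periodic
        gaps = inter_arrival_gaps(stamps)
        cv = beacon_score(gaps)
        if cv is not None and cv <= max_cv:
            hits.append((src, dst, round(mean(gaps)), round(cv, 3)))
    return hits


if __name__ == "__main__":
    for src, dst, gap, cv in find_beacons(SAMPLE_LOG):
        print(f"possible beacon: {src} -> {dst} every ~{gap}s (cv={cv})")
```

On the constructed sample this flags only the five-minute check-in; the browsing traffic has gaps ranging from seconds to the better part of an hour and scores far above the threshold. In practice the threshold needs tuning: bots often add random jitter to their sleep interval, which pushes the coefficient of variation up, and legitimate software (update checks, mail clients, monitoring agents) beacons too, so a hit is a lead to investigate against an allow-list rather than a verdict.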

One of the most fraudulent botnets in history, and I mean the most financially fraudulent botnet in history, is ZeuS. This is a piece of information I gathered from the FBI. If you go to this website, you’ll be able to find this diagram along with a lot of other information about how ZeuS really works. What really happens behind the scenes is you have somebody going through and creating the malware itself, creating the botnet. They hand that off to the hacker, who finds a way to get it onto your computer, either through a malicious link, or by finding a vulnerability, or by embedding it in a worm, but they get it onto your computer.

And once they’re on your PC, the whole purpose of ZeuS is to get your banking information. That’s the whole reason it was written. It doesn’t care about all the other things you do. It doesn’t care about the Facebook and the Twitter and all the other logins you have. It wants your money. So it then gets your banking information, logs onto your system, and then starts going right out to your bank and taking your money away from you.

It usually sends that money to a third party, to a mule, whose job it is to get it from one place to another. Because once they get your money, they need to hide it in some way, so it may go to a bunch of mules who then get the money back to the organizers, who receive millions and millions and millions of dollars just by embedding this botnet on your computer. Unfortunately, ZeuS continues to be popular.

There are many different variants of ZeuS that use many different ways to get onto your computer, gather the information, and provide it back to the mothership. This is a graphic that comes from, and it shows you how many active ZeuS files are out there, how many online binaries, how many drop zones there are. And as these servers, these central machines, go up and down, you can start to see exactly how much is going on out there on the internet. So if you’re wondering if ZeuS is something that might be affecting you, it’s affecting a lot of different people today. This is something to keep your eye on, not just with ZeuS, but with other types of botnets as well.