Botnets
A Botnet (also called a robot network) is a group of computers running an application controlled and manipulated only by the owner or the software source. Usually, when people refer to Botnets, they are talking about a group of computers infected with the malicious kind of robot software, (the bots), which present a security threat to the owner of the computer. Once the robot software (basically, Malware) has been successfully installed in a computer, this computer becomes a zombie or a drone, unable to resist the commands of the bot commander. There are small and large Botnets, ranging from 10,000 computers to 1,000 computers controlled. The difficult thing about Botnets is that the owner usually doesn't know about it, therefore s/he is powerless to stop it.[1]
Uses of Botnets
There are many uses of Botnets, some of them are:
Denial of Service (DoS) Attacks
A Botnet can be used as a denial of service weapon. A Botnet attacks a network of computers for the purpose of disrupting service through the loss of connectivity or consumption of the victim network's bandwidth (by overloading the resources of the victim's computer system). Botnet attacks may also used to damage or shut down a competitor's website or system of computers.
Keylogging and Mass Identity Theft
see main articles: Keylogging and Identity Theft An encryption software within the victims' unit(s) can deter most bots from harvesting any useful, private information. Unfortunately, some bots have adapted to this by installing a Keylogger program in the infected machines. With a Keylogger program, the bot owner can use a filtering program to gather only the key sequence typed before or after interesting keywords like PayPal or G-Mail or Bank of America.
Bots can also be used as agents for mass Identity Theft. It does this through Phishing or pretending to be a legitimate company in order to convince the user to submit personal information and passwords. A link in these Phishing mails can also lead to fake PayPal, eBay or other websites to trick the user into typing in the username and password.