In the year of 2000, Professor Vijay Pande, a renowned Stanford University researcher, released a little program that, when downloaded by a user, would simulate how protein molecules fold—a necessary and important part of drug research. But protein folding is a complicated process, requiring a lot of computing power to do the simplest of recreations. Pande’s program, however, distributed that computing burden among thousands of personal computers. All of the sudden, researchers had a cheap way of doing expensive research.
Pande, in essence, created a botnet.
A botnet is a network of personal computers working together to accomplish a given task. The term botnet is used because these automated programs, called robots or “bots” are spread across a network of computers. These computers are often controlled through a server—a computer acting as a communication resource for other devices. In the case of botnets, this server is often called a command and control server. It is central to running and maintaining a botnet.
On their own, individual bots are fairly weak programs. In aggregate, however, botnets can be very powerful. And very damaging.
Unscrupulous characters often use botnets to power a variety of illegal projects. Denial-of-Service Attacks (DoS), where infected computers flood a webpage with traffic to knock it offline, are one common use of botnets. These attacks can, and do, cost businesses millions of dollars in losses in a short period of time. Malicious botnets are also used to distribute viruses, steal passwords and propagate spam. Botnets, for the most part, are effective, cheap ways for cybercriminals to compel computers to do bad things.
We recently worked with the United States Department of Justice and other security firms to take down a botnet named “Gameover Zeus.” Gameover Zeus stole personal information like bank account passwords and usernames. The botnet was also used to distribute Cryptolocker—a type of malicious program called “ransomware.” Ransomware essentially holds a computer hostage until its owner pays a ransom to the cybercriminal.
In its press release, the Department of Justice estimated that Gameover Zeus and Cryptolocker caused more than $100 million and $27 million in damages, respectively. The botnet’s creator, identified as Evgeniy Mikhailovich Bogachev, is now wanted by the Federal Bureau of Investigation.
So yes. Botnets can be very bad. They can also be very good. Professor Pande’s program, Folding at Home, has helped researchers better understand diseases like Alzheimer’s and Huntington’s—which in turn will help develop treatments. The critical difference here, other than intent, is consent. Participants in Folding at Home knowingly download the program in order to help it achieve its end goal: better medical treatments. Botnets, however, rob victims of that consent and exploit this robbery further by stealing and selling personal information.
So what can you do to protect yourself from botnets? Well, thankfully, there are a few steps you can take:
- Always use a comprehensive security solution. Comprehensive security solutions, like McAfee LiveSafe™ service, are critical in detecting and deterring the programs that make botnets possible. By preventing unwanted access to your computer, you can help to stunt the spread of botnets.
- Keep your software up to date. Always update your devices. Software updates include more than just the latest features—they also include the latest security fixes. When you update, you’re protecting yourself from cybercriminals who want to use your computer against you and others.
- Watch where you browse. The Internet can be a dangerous place. Browser-based exploits found on compromised websites can inject malicious code onto your computer. Keystrokes, passwords and other personal information like credit card data can be recorded and shipped to servers across the globe. The best way to prevent these exploits from taking advantage of you and your computer is to stay on safe websites. Do this by sticking to websites you know and those sites that appear on the first few pages of search results.
And, of course, stay on top of the latest consumer and mobile security threats by following @McAfee_Home and myself on Twitter and Like us on Facebook.