Spammers and other perverts

I received the following article from Bullguard, my AV provider, today. It's long but it's the best I've read in a long time. I hope it helps someone to keep out of trouble.
You’ve probably heard of the word ‘botnet.’ It’s often used in conjunction with ‘zombies’ and ‘enslaved computers’ and paints a dystopian picture of the future in which remotely controlled computers rule the world.
The truth isn’t too far from this. A botnet is a collection of computers that together have been remotely hijacked, irrespective of their location, to create a network of ‘zombie computers’ controlled by hackers.
Botnets really started making their mark in the early 2000s when financially motivated attackers took notice of the large number of unprotected computers and equally large number of users turning a blind eye to security.
So why do hackers create botnets?

Today, botnets can be enormous and have accounted for cyber fraud activity that can be counted in billions of stolen dollars.
A botnet is the difference between having one computer to do a hacking mission and having 10,000 computers. A cyber crook has simply got so much more computing power at their fingertips to:
Attack other computers or to take down websites
Send spam or phishing emails to millions of email addresses
Deliver ransomware to hundreds of thousands of computers
Send spyware, trojans and other types of malicious malware
How are botnets created?

A hacker writes some malware code that if it gets into your computer allows it to be taken over remotely.
Criminals try and get the malware into your computer by taking advantage of exploit flaws such as browser plugin updates that you’ve ignored or placing malicious links on websites. You click and the malware downloads, but you might not be aware of it.
When the malicious code executes on your computer, it uses the internet to make contact with the control computer that operates the botnet, often called a command and control server. Your computer periodically checks for instructions from the command and control server.
Peer to peer botnets are used by cyber fraudsters to stop security researchers and authorities from identifying and stopping centralised command and control servers. To put it simply, in a peer to peer botnet the bots connect and communicate with each other in order to remove the need for a centralized server.
But even smart connected devices are now being exploited. Last year a piece of malware called Mirai (Japanese for future) was used to create an Internet of Things (IoT) botnet from connected cameras and digital video recorders.
Most known botnets

The GameOver Zeus botnet was one of the most powerful ‘financial’ botnets ever seen. Designed to steal online banking credentials it is estimated to have infected almost 4 million PCs in the US alone. It is believed to be responsible for the theft of millions of dollars from businesses and consumers around the world.
The Simda botnet infected more than 770,000 computers in over 190 countries. It was active for years and distributed pirated software and different types of malware, including stealing financial credentials.
Storm ranged anywhere from 250,000 to 50 million computers. First detected in 2007, it got its name from one of its earliest spam messages, “230 dead as storm batters Europe” used as the subject line in emails that were hiding malware. Notable for being one of the first peer-to-peer botnets it was known for enabling share price fraud and identity theft. Storm was partially shut down in 2008.
ZeroAccess controlled in excess of 1.9 million computers around the world. It split its focus on click fraud and bitcoin mining. The botnet was reported to be consuming enough energy to power 111,000 homes every single day from all its infected computers.
The Mirai botnet surfaced last year. It consisted of compromised smart devices and was used to launch the largest ever distributed denial of service attacks the world has ever seen. It took down some major websites including Netflix and Twitter.
Botnets for hire

The cybercriminals who operate the botnet will likely sell it or rent it out to be used by other fraudsters. At some point the botnet will be activated and used to launch some type of attack.
Botnets for rent are big business in the cyber fraud underworld and they are typically rented out for as little as £15 per hour.
Today, it’s a fact that malware and botnet infrastructure dedicated to cyber-crime is a large commercial operation that’s not going anywhere.
What damage do botnets do?

Distribute malware, ransomware or spyware to spy, steal and cheat people out of their personal information and financial information, alongside blackmail
Send out spam emails to hundreds of thousands of email addresses which have often been stolen from different organisations’ servers
Launch distributed denial of service (DDoS) attacks on a website, companies or government agencies. The botnet is used to send so many requests for content that the server cannot cope and it essentially sinks under the weight of the requests
Botnets are used to generate fake clicks on ads so the fraudsters can make large amounts of money
Launch large phishing campaigns, for instance, emails that contain hidden malware
How to tell if your computer has been ‘enslaved’ into a botnet

There are some tell-tale signs that indicate your computer might have become a part of a botnet:
Your computer or internet connection is running slower than normal
Your computer behaves erratically, for instance it crashes often and you receive unexplained error messages
There is high network usage on your home network
Your browser closes frequently and unexpectedly
Sometimes your computer takes a long time to start or shutdown
How to avoid becoming a part of a botnet

Don’t click on suspicious links - you don’t know where they lead
Don’t download attachments that you don’t recognise or never requested
Use good antivirus and antispyware software
Do a full, in-depth scan with your antivirus to make sure everything on your computer is clean
Keep all your software up to date, especially your browser
What’s the future of botnets… it's thingbots.

There are an estimated 2 billion personal computers in the world and botnet creators have certainly taken advantage of this by snaring millions of unsuspecting computer users.
But let’s put this in perspective. The Internet of Things (IoT) is upon us. Everything from cars to home appliances, watches and even children’s toys are being connected online. It is projected that by the year 2020, there will be more than 25 billion devices connected to the Internet.
Those numbers alone are enough to attract cybercriminals’ attention, but what is more relevant is that these devices mean more data to steal, more systems to take over and more money to be made.
This rise of IoT will bring another evolution in malware in the form of thingbots. Thingbots are botnets composed of infected IoT devices. We’ve already seen the Mirai botnet and this is just the start.
Compromised IoT devices can be controlled to launch attacks, steal sensitive data or facilitate other malicious activities. We have already seen a few of these in the last couple of years.
What is alarming about IoT is the painful lack of security on many devices. It’s an open invitation for cyber crooks and as such you can bet your latest smart device that thingbots will definitely become a thing.
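
The article says an infected computer "periodically checks for instructions from the command and control server". As an added example (not part of the original post or of Bullguard's article), here is one way a defender could look for that regular check-in pattern in a home router's connection log; the log format, addresses and thresholds are constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample log: epoch seconds, internal host, remote endpoint.
# Addresses come from documentation ranges and are not real indicators.
SAMPLE_LOG = """\
1000 192.168.1.20 203.0.113.7:443
1013 192.168.1.20 198.51.100.9:443
1020 192.168.1.20 198.51.100.9:443
1100 192.168.1.30 203.0.113.50:80
1301 192.168.1.20 203.0.113.7:443
1400 192.168.1.30 203.0.113.50:80
1599 192.168.1.20 203.0.113.7:443
1700 192.168.1.30 203.0.113.50:80
1902 192.168.1.20 203.0.113.7:443
1950 192.168.1.20 198.51.100.9:443
1955 192.168.1.20 198.51.100.9:443
2200 192.168.1.20 203.0.113.7:443
2499 192.168.1.20 203.0.113.7:443
2600 192.168.1.20 198.51.100.9:443
2604 192.168.1.20 198.51.100.9:443
"""

def parse(log):
    """Group connection timestamps by (internal host, remote endpoint)."""
    flows = defaultdict(list)
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[0].isdigit():
            continue  # skip malformed lines instead of failing
        flows[(parts[1], parts[2])].append(int(parts[0]))
    return flows

def find_beacons(log, min_events=5, max_jitter=0.1):
    """Return (src, dst, average gap, jitter) for clockwork-regular flows.

    Jitter is the standard deviation of the gaps divided by their mean:
    human browsing is bursty (high jitter), a timed check-in is not.
    """
    hits = []
    for (src, dst), times in parse(log).items():
        if len(times) < min_events:
            continue  # too few connections to call it a pattern
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            hits.append((src, dst, round(avg), round(pstdev(gaps) / avg, 3)))
    return sorted(hits)

if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        print("regular check-in: %s -> %s every ~%ss (jitter %s)" % hit)
```

Regular timing is a hint rather than proof: software updaters and mail clients also poll on a schedule, and malware that randomises its interval will not show this pattern.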


  • Member, Beta Tester
    There is a new telephone scam going round you need to be careful with.
    You receive a phone call and the caller says "Can you hear me?" and of course you say yes, then the line goes dead. A while later you get a phone call as to why you have not paid them for something you agreed to on the phone, and they have created a message saying your phone number authorized them to go ahead with a transaction. They play this message about the item, and when it goes to the place where they say "do you agree to this transaction", they put the recording they got of you saying yes, and they will be suing you if you do not pay.
    So the trick with these is to either say no and put the phone down or just put the phone down.
  • Member, Beta Tester
    Or do what I do and just not answer the phone in the first place!
  • Member, Beta Tester
    With unsolicited calls my conversations are invariably very brief and very loud. I may have deafened several people. Two words..... the second one OFF! Works a treat.
    Not sure their scam would hold water anyway Paul. You have to be warned that your conversation will be recorded. I'll keep it in mind though. Thanks.