For those of you who are maybe living in a cave (and if so, what ISP services you?): of the millions of computers in the world, a good portion are not controlled completely by the person who is paying for their Internet service. These computers, hijacked by a successful hacking campaign and controlled by another person, we call bots. One bot is useless; bots are maintained in collections, called botnets. A botnet could range in size from 10,000 to 1.5 million hijacked computers.
I've been observing, and writing about, botnets for some time.
- In November 2004, some bad guys very deviously hijacked a German advertising server, and 4 other servers, and delivered the Bofra / IFrame exploit to 5,000 - 10,000 computers. These computers became part of a botnet.
- In May 2005, we saw a practical application of a botnet, as the Sober worm was used to distribute spam relevant to a German political battle.
- This year, we have botnets being used to hijack Blogger blogs, and create networks of blogs serving spam.
Most people don't realise that botnets are both the attack vehicle and the payload of a successful attack.