A BotNet is a collection of broadband-enabled PCs that have been hijacked via virus and worm attacks and compromised with software that connects back to the BotMaster's control server to receive commands from a remote attacker.

BotNets have become a big underground business, and there are few answers to this rapidly growing problem. The number of bots that comprise BotNets increased by nearly 50 percent from January 2007 through June of 2009.

Last year, over 1.2 million computers in China were newly compromised and became part of massive BotNets. Cell phones are another target. In 2009, the first cellular BotNet was detected. Numerous pieces of cellular malware turn cell phones into zombies.


A BotNet is a collection of Internet-connected computers that, although their owners are unaware of it, have been set up to forward transmissions (including spam or viruses) to other computers on the Internet. These computers have been compromised or infected with software that allows them to be controlled remotely by someone known as the BotMaster. Each computer is a node on the BotNet and is often referred to as a zombie. BotNets have become a critical problem that must be addressed. Evidence suggests they have evolved to the point where they are now also targeting and affecting cell phones.

Last year the Georgia Tech Information Security Center (GTISC) reported that 10 percent of online computers were part of BotNets. This year GTISC researchers estimate that BotNet-affected machines may comprise 15 percent of online computers, a fifty percent growth in one year. Based on that number, there are 34 million computers in the United States that have been compromised and are now part of a BotNet. Based on the CIA World Fact Book and the GTISC estimate, that translates into an estimated 195 million bots globally. According to one report, some 150,000 computers become infected every day and join the millions of zombies that make up the BotNets.

The software used to establish Bots and control BotNets is not simply thrown together; it has become very sophisticated and has now risen to professional status. It includes worms, viruses and Trojans that allow remote control of the infected computer and are propagated in multiple ways, including email, infected web sites, and compromised downloads. Another alarming trend is the use of rootkits. A rootkit is a collection of tools (programs) that enable administrator-level access to a computer or computer network. The malicious code that turns the PC into a Bot is being hidden in a rootkit, which makes the Botware exceptionally difficult to defend against, detect, and eradicate. These compromised computers are under the total control of a BotMaster and form a BotNet that can be tasked with bombarding a web site with so much traffic that it crashes. That is what is known as a distributed denial of service (DDoS) attack.

Additionally, two relatively new trends have emerged. First, malware writers have begun to offer malicious software as a service to those who control BotNets. Second, BotMasters are selling the services of the BotNets they control, priced per gigabyte of BotNet-generated traffic. BotNets that are specifically created for DDoS attacks can be leased at costs ranging from $50 to $2,500, depending on the capacity used and the length of the attack. International law enforcement and militaries around the world are aware of and concerned about the widespread availability of cyber mercenaries or BotHerders (those who operate and sell BotNet capacity), and the fact that they have been hired by countries to do espionage and other dirty deeds. The commercialization of malware and of BotNets combines to significantly increase the availability and use of these disruptive mechanisms.