What's a Botnet?
An army of infected computers that can send out 100 billion spam e-mails a day.
By Chris Wilson
Posted Wednesday, April 30, 2008, at 6:57 PM ET

Microsoft revealed this week that it is helping law enforcement officials track down the operators of "botnets," or networks of computers that can be used to send out spam messages without the knowledge of their owners. Though the software company is tight-lipped about the specifics, Canadian security forces have already used Microsoft's information to bring down a botnet that infected close to 500,000 machines. What is a botnet, exactly?
It's a virus, worm, or other piece of software—the "bot"—which runs covertly on a series of computers—the "net." While several researchers are attempting to construct "good" botnets capable of protecting servers or undertaking massive computations, the term most often refers to viruses and other malicious programs that install on a computer without permission. Once a computer has been infected by a bot and recruited into the network—i.e., turned into a "zombie"—it surreptitiously communicates with a central command server or with other bots. Popular botnet activities include sending spam or flooding a targeted site with so much Web traffic that it's forced to shut down. (The latter is known as a "denial of service attack.")
At a recent conference of security analysts, one malware researcher reported that the 11 biggest botnets in the world comprise 1 million machines, and can send 100 billion spam e-mails per day. As security researchers develop more and more sophisticated means of tracking and detecting these threats, the authors of the predatory programs continue to find innovative ways to spread their bots and hide their tracks.
For example, early botnets tended to set up a direct line of communication between the infected computer and the person controlling the network—sometimes known as the "botmaster." This was done via a communication system called Internet Relay Chat (which was also used in early instant messaging systems). But a system like this makes it relatively easy for researchers to isolate a copy of the bot software, dissect it, and track down the server where the bot is phoning home. More sophisticated virus programmers have now turned to peer-to-peer systems, where bots disseminate commands through the network, in a "pass it along" system of giving orders. This makes it harder for investigators to find the source of the commands.
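The contrast between the two command structures shows up in network flow data. The following is an added example, not code from the article or from the researchers it cites: the flow records, addresses and the 75 percent threshold are constructed for illustration, and the flows are assumed to come only from machines already suspected of infection.

```python
from collections import defaultdict

# Constructed flow records: (internal_source, external_destination, destination_port).
# IRC-style control: every bot phones home to the same server.
IRC_STYLE = [
    ("10.0.0.11", "203.0.113.5", 6667),
    ("10.0.0.12", "203.0.113.5", 6667),
    ("10.0.0.13", "203.0.113.5", 6667),
    ("10.0.0.14", "203.0.113.5", 6667),
    ("10.0.0.11", "198.51.100.20", 443),   # unrelated web traffic
]
# Peer-to-peer control: each bot talks to a few peers; no shared hub.
P2P_STYLE = [
    ("10.0.0.11", "198.51.100.1", 41000),
    ("10.0.0.11", "198.51.100.2", 41001),
    ("10.0.0.12", "198.51.100.3", 41002),
    ("10.0.0.12", "198.51.100.4", 41003),
    ("10.0.0.13", "198.51.100.5", 41004),
    ("10.0.0.13", "198.51.100.1", 41000),
]

def shared_endpoints(flows, min_share=0.75):
    """Return (destination, port, share) for every endpoint contacted by at
    least min_share of the internal hosts seen in the flows."""
    hosts = {src for src, _, _ in flows}
    callers = defaultdict(set)
    for src, dst, port in flows:
        callers[(dst, port)].add(src)
    hits = []
    for (dst, port), srcs in callers.items():
        share = len(srcs) / len(hosts)
        if share >= min_share:
            hits.append((dst, port, share))
    # Highest share first: the most likely central command server.
    return sorted(hits, key=lambda h: -h[2])

if __name__ == "__main__":
    print("IRC-style:", shared_endpoints(IRC_STYLE))
    print("P2P-style:", shared_endpoints(P2P_STYLE))
```

The centralized sample yields one endpoint shared by all four hosts, while the peer-to-peer sample yields none at the same threshold, which is why investigators find the second design harder to trace.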
Until recently, the most infamous of these threats was a botnet called Storm Worm, so named because it originally propagated through e-mails in early 2007 with the subject line "230 dead as storm batters Europe." Microsoft claimed last week that its bot-hunting software had finally crushed Storm, but others were suspicious. In any case, Storm Worm is at the very least significantly scattered, and several other botnets have taken its place. While researchers continue to track the newest threats, study their code, and devise new ways to detect and combat the bots, most concede that the computer security arms race won't end anytime soon.
Explainer thanks Elizabeth Clarke and Joe Stewart of SecureWorks.
Comment from the Fray
[One point from a post filled with advice for computer users]
Turn off port 25 on your computer. Basically, port 25 is what e-mail servers use to send messages: you don't need it for anything you do on your personal computer. (If you do, you are tech-savvy enough not to need this list.) Hackers who use botnets like the ones described in the article often send spam messages out of port 25 on computers they control. Turn off port 25, and you won't be sending someone else's spam! Use your computer's help utility to find out how to change your port settings.
--BookBeast
(5/4)
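An added example, not part of the article or of the reader comment above: a network owner can check firewall logs for machines that reach outside mail servers directly on port 25. The log format, addresses and the relay list are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed firewall log lines; the line format is an assumption.
SAMPLE_LOG = """\
2008-05-04T10:00:01 ALLOW TCP 192.168.1.10:50211 -> 198.51.100.7:25
2008-05-04T10:00:02 ALLOW TCP 192.168.1.10:50212 -> 198.51.100.8:25
2008-05-04T10:00:02 ALLOW TCP 192.168.1.10:50213 -> 203.0.113.40:25
2008-05-04T10:00:03 ALLOW TCP 192.168.1.20:50900 -> 203.0.113.9:443
2008-05-04T10:00:04 ALLOW TCP 192.168.1.5:40100 -> 198.51.100.7:25
2008-05-04T10:00:05 ALLOW TCP 192.168.1.30:41000 -> 192.0.2.25:587
2008-05-04T10:00:06 DENY TCP 192.168.1.40:41500 -> 198.51.100.9:25
"""
LINE = re.compile(r"^(\S+) (ALLOW|DENY) TCP ([\d.]+):\d+ -> ([\d.]+):(\d+)$")

# Assumed: the only internal host that should deliver mail on port 25.
MAIL_RELAYS = {"192.168.1.5"}

def direct_smtp_senders(log_text, relays=MAIL_RELAYS, min_servers=2, action="ALLOW"):
    """Map each non-relay host to the distinct external servers it contacted
    on port 25 with the given firewall action, keeping hosts that reached at
    least min_servers different servers."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        _, verdict, src, dst, port = m.groups()
        if verdict == action and port == "25" and src not in relays:
            seen[src].add(dst)
    return {h: sorted(d) for h, d in seen.items() if len(d) >= min_servers}

if __name__ == "__main__":
    print("Sending directly:", direct_smtp_senders(SAMPLE_LOG))
    print("Blocked attempts:", direct_smtp_senders(SAMPLE_LOG, min_servers=1, action="DENY"))
```

A workstation that appears in either result is worth examining: allowed traffic means it may be sending spam now, and denied traffic means the block is working but something on the machine is still trying.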