|
|
|
BOT is a malicious program with the purpose of fraudulent use of computer. Once your computer is infected with BOT, the malicious attacker (referred to "attacker" hereinafter) remotely controls your computer from the external.
This attack causes serious harm of making public nuisance such as "sending numerous number of mails" and "attacking a particular website", as well as of stealing information stored in your computer, i.e., "spying activities.
As this external control of your computer is analogous to a robot, it is referred to BOT. |
|
|
|
A computer that is infected with BOT is automatically connected to instruction server or something similar installed by the attacker, resulting in formation of gigantic computer network referred to "BOT network", which is configured by several tens to several millions of BOT-infected computers.
Once infected computers receive instructions from the instruction server controlled by the attacker, they are controlled on the attackers discretion and act in sending numerous number of spam mails for the purposes of phishing and the like as well as in attacking a particular website (DDoS attack).
Thus, the users of such infected computers are used as steppingstones for the attacker without their knowledge, and forced to be not only "victims" but also "perpetrators." |
|
|
* DDoS (Distributed Denial of Service) |
|
|
|
|
| BOTs generally do not show specific visible symptoms even when your computer is infected, being unlike the conventional viruses or worms. A user therefore does not realize the infection of his/her computer and continue to use it without noticing any difference of the computer from before the infection. |
|
| BOT can update itself by adding new functions or correcting defects using the function of automatic self-updating. The updating interval is said to be short, e.g., several weeks. This also makes BOT difficult to be found. |
|
| Since source codes or tools for easy preparation of BOTs are disclosed on the Internet, many subspecies of a BOT have been prepared based on the single BOT. This feature has made BOT cleaning by using Anti-Virus software be difficult. |
|
| With conventional viruses, offenders committed the crime for their pleasure. In contrast, the preparers of BOTs aim to gain benefit from BOTs through, for example, lending BOTNET (networks using BOTs) to nuisance mail delivery companies on a pay-by-the-hour basis, selling personal information stolen, and so on. |
|
|
|
|
BOTs send out nuisance mails using the infected computers as steppingstones. Although only a few mails are dispatched from a single infected computer so that the computer user does not realize the situation, BOTs can entirely dispatch numerous number of nuisance mails, using several thousand infected computers in the BOTNET. |
|
|
|
BOTs disrupt an operation of a particular website by sending a numerous packet (data) to the Web server and thereby making it inoperable. As analogous to sending nuisance mails, although only small volume of attack data is sent out from a single infected computer, it would be a threat for even large scale of a server that BOTs can send out data from several thousands to several millions infected computers. |
|
| |
|
|
|
Utilizing vulnerabilities of computers, BOTs take actions to augment infection so that the number of computers available for nuisance mails and DoS attacks are increased. BOTs take over computers that have vulnerabilities and send in programs for infecting other computers. |
|
|
|
|
To perform the item 3 "Network infection", BOTs collect information of the computers with vulnerabilities. Using the collected information, another computer is selected as the next target for infection. |
|
| |
|
|
|
A BOT adds new functions and correct own flaws using functions to update itself automatically. In addition, when an "instruction server", which interfaces the instructions from the attacker, becomes unavailable due to virus disinfestation and such, the BOT find another server to switch the instruction server. |
|
|
|
|
A BOT can send out information stored in an infected computer to the external. Therefore, based on received instructions, various pieces of information are stolen, collected or leaked out to the external, where the information includes a keyboard operation history, credit card No. and ID, password, and addresses registered in an address book of the mail software. |
|
| |
|
0 comments :
Post a Comment