What is a Botnet Scam?
By Brianne Savage
Jul 15, 2022
Botnet scams are multi-fold in their danger. Each botnet scam requires a criminal and a series of victims. Victims are those who have had their computers hijacked, plus the targets of the criminal's assaults.
Botnet scams are difficult to stop because of the ever-evolving internet and bad actors’ constant, feverish march. Fortunately, as technology advances with great leaps of effort, society also makes a steady walk forward regarding applications, security, threat detection, and protection.
The keys to avoiding a botnet scam are being proactive, protective, and reactive.
What is a Botnet Scam?
There are many species of botnet scams, so any general description of them will have outliers and exceptional circumstances. It helps to start with what a ‘botnet’ is and how these systems work to achieve many goals.
“Botnets” and Why They Exist
The word “botnet” refers to a “robot network.” Cybercriminals and the average person use botnets (although their goals would hopefully be different). Botnets can be helpful in various ways for the network owner, so there is nothing fundamentally wrong or illegal with owning or operating your own botnet.
Where things begin to get cloudy is how a botnet is recruited. Cybercriminals can infect improperly secured devices connected to our beloved internet. Available devices include everything considered part of the Internet of Things.
The Internet of Things and Zombie Infections
The Internet of Things (IoT) can be considered a mass network with different channels, each hosting its own industry standard for security. Items that are part of these possible channels are anything with an internet connection, from smart devices to wireless headphones and refrigerators to automated grills.
Each item connected to the IoT risks running into highly aggressive malware, viruses, or zombie technology—named 'zombie' because of the ability to transfer 'infection' to new devices in the same network and their remote-controlled behaviors.
Criminal botnets typically achieve one of the following goals:
- Collect private information from an individual or organization.
- Enlist devices for a large-scale coordinated botnet attack.
- Compromise one security system to compromise others at a different time.
How Botnets are Born
There are many ways that cybercriminals can overtake, corral, and possess IoT devices. Depending on the target device and the subsequent motivations that the criminal has, they may choose one of the following methods (or utilize a combination of them):
- Client/Server: the centralized version of the two. This requires a host computer or malware infecting and taking over other devices. Possible infected devices include servers, computers, networks, or any stand-alone IoT. Web-based botnets are some of the most well-known scams—one link click and the computer is infected. Additionally, because this is a centralized mode of assault, law enforcement can quickly learn the location of the infected servers or devices and take them down.
- Peer-to-peer (P2P): due to the unsecured state of the client/server model, some criminals decide to use a decentralized method instead. These P2P botnets are arguably more dangerous to everyone because they are anonymous. The entire network of infected devices can be triggered from anywhere with a master key code. Law enforcement can track down the criminals behind these types of malware and attacks, but it takes time to build a working map.
Additionally, some code has 'wormable' properties, depending on the type of malware used to infect the computer or device. These properties are described as 'worms' because they can wriggle their way into a device's system autonomously if the devices are on the same network. This happens when the devices have previously shared resources or materials and that door is still viable for the malware to utilize.
Botnet Scams: Types, Attacks, and Mirai
As mentioned before, there are multiple victims in a botnet scam. The first victim is the owner of the pirated device, while the second victim will be whoever is the target of the bot-master. Victims on both sides of the event can do little against an infected network—but they can become aware of the types of botnets on the internet and, in that way, begin to be proactive about protecting their information (and any other victims down the line).
Some Types of Botnet Recruitment Systems
In the case of the latter, there are many types of botnet scams that can rope your devices into a weaponized network. They are variations of the client/server or the P2P models. What is different is how they approach “available” IoT devices:
- Internet Relay Chat (IRC): these botnets can work in two ways. In the first case, an already formed botnet can swarm a chat and break the targeted machine or server. In the second case, already infected bots can automatically spam chats in the hopes of adding additional bots via a person’s click on an infected link.
- Automated: not all botnets are fully automatic, but the ones that are, are challenging to detect. These are fully autonomous botnets, and they act as resource predators. Once a device is infected, the bot can collect the unused resources from the machine and reroute the resources at the botmaster's discretion.
- Manual: the autonomous version (above) has various features and defenses that a bot-master might enjoy from arm’s length away. However, some bot-masters require more direct and specific controls. These manual botnets are chosen precisely because of their superior control abilities. On the flip side, because they are directly controlled, the bot-master puts themselves in more danger.
- Backdoor: located in every IoT device is a backdoor through which administrators and authorized users can change fundamental aspects of the device. If a cybercriminal gains access to this, they can find anything on the computer, scavenge information, and find other devices to worm through. Autonomous backdoor botnets can also act as agents, continuously working to add more devices to an infected network.
- Spam-sending: one of the most recognizable scams for most people is the flood of emails and spam messages filled with questionable links. Some might even contain a prince looking to distribute his wealth upon us (the groveling peasants). Some spam bots can send billions of emails daily, looking to draft more IoT devices when the potential victim clicks on the wrong link. These are some of the most favored variations since they are semi-anonymous and remote.
Common Botnet Attacks
Botnet attacks also come in a fun-filled variety of flavors. The type of large-scale attack the bot-master has in mind will change depending on their goals. What does not change is their unlawful use of IoT devices to wreak havoc on protected information systems. Their goal is always either money, information, or sometimes revenge. These are the most common large-scale attacks committed by a bot-master and an army of bots:
- Distributed Denial of Service (DDoS): one of the most recognizable bot attacks is the DDoS assault. These attacks aim to swarm a targeted application or server with requests, causing the machine to crash. This works because they target the most vulnerable part of the system, causing it to overwork, seize, and halt.
- Phishing: everyone knows that malware can travel through emails and malicious links; what is less known is that phishing is challenging to trace and harder to stop. It is hard to stop because emails are usually protected or anonymous. Often, malware will be downloaded and hidden immediately after the first click is received (while the owner is distracted elsewhere).
- Data Breach: some botnets can get into a system and extract sensitive information. Botnets can attack the strongest of defenses and get around them. Sometimes botnets are infected via host applications like Trojan horse viruses.
- Cryptocurrency Mining: specific botnets can mine cryptocurrencies for their bot-master. In these attacks, the bot-master uses stolen resources without the victim knowing their resources are vulnerable. Additionally, some cryptocurrency scams will aim at the transactions done with the currency since that is the weakest point in the process.
- Brute Force Attacks: these attacks are prevalent but randomized. The cybercriminal can repeatedly attack a rival (or well-protected) network. They can do this by continuing to guess credentials that will give them access to sensitive information. Most of the time, a simple hit-or-miss approach is adopted here. That is why a person may get a random email with a note to change their password immediately.
The Mirai Botnet
One of the most notorious botnet systems is called Mirai. It was created in 2016 to infect Linux devices and reposition their resources to attack Dyn. Dyn, at the time, was a serious website security monitor and controller that provided domain registration services. Using only 100,000 bots, the attackers brought Dyn down, and a year later, Dyn was defunct. However, at that time, the botmasters of Mirai released their source code to the internet.
The Mirai botnet, in particular, is perilous malware. It can mutate, giving rise to subsequent malware variations. Anyone can find the Mirai source code online today. The Mirai source code has given birth to variants like:
- PureMasuta: malware able to weaponize the HNAP bug in some devices.
- OMG: malware able to transform IoT devices into anonymous action ports.
- Reaper: malware that can target many devices, complete with highly superior control over the bots and the connected network.
How to Tell if You’re a Victim, How to Avoid being a Victim, and Why it is Difficult to Stop Botnets
Discovering whether or not you are a victim of a botnet infection used to be easy. The infection was often overtly present in the form of non-stop advertisements and a slow, frustrating response time.
These days, botmasters have created steps to ensure that endpoint users don't notice that their computer is compromised. Further, some malware creators write code that encourages the endpoint user to ignore the infection, even if it is noticed.
Are You A Victim of an Infection?
Technology these days is created for convenience. As such, malware has adjusted to conform to what users expect from their devices. There may be no outward signs that your computer is infected. Responding to this, some internet providers are becoming more proactive about the threats.
Some internet providers have begun to offer additional services as part of their proactive approach to dealing with constant malware threats. The problem with this is that the proactive measures require:
- That an individual recognizes that they are threatened by malware.
- That an individual takes the threat of malware seriously.
- That an individual knows the sort of protection an internet provider can offer.
Best Practices for Avoiding Botnet Scams and Indoctrinations
Despite the constant threat that every IoT device faces every day, some preventative measures are easy to take to ensure that you and your family are safe from most malware attacks, attempts, and connections. The best practices for preventing botnet attacks include:
- Keep software systems up to date, or implement auto updates.
- Monitor the network for suspicious activity or overuse.
- Investigate failed login attempts (and change your password!).
- Get protection for all IoT devices, including phones or game consoles.
- Download things only from reputable websites.
- Don’t click on a link or connection that is unfamiliar or unknown.
- Scan any new or unknown external media like USB sticks or CDs.
- Implement two-factor authentication on all systems that allow it.
- Don’t put personal information into applications or websites using a guest or unsecured Wi-Fi connection.
- Be cautious about fear-mongering or “scareware.”
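The "investigate failed login attempts" item can be partly automated. The script below is an added example, not part of the original article: it scans OpenSSH-style login records for the repeated credential guessing described under Brute Force Attacks and reports any login that succeeded from a guessing source. The log lines, host name `gw`, addresses, and the threshold and window values are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in OpenSSH sshd message style with ISO timestamps
# (assumed format; addresses come from documentation-only ranges).
SAMPLE_LOG = """\
2022-07-15T10:00:01 gw sshd[811]: Failed password for root from 203.0.113.7 port 40122 ssh2
2022-07-15T10:00:03 gw sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40124 ssh2
2022-07-15T10:00:05 gw sshd[811]: Failed password for invalid user pi from 203.0.113.7 port 40126 ssh2
2022-07-15T10:00:07 gw sshd[811]: Failed password for root from 203.0.113.7 port 40128 ssh2
2022-07-15T10:00:09 gw sshd[811]: Failed password for invalid user guest from 203.0.113.7 port 40130 ssh2
2022-07-15T10:00:11 gw sshd[811]: Failed password for backup from 203.0.113.7 port 40132 ssh2
2022-07-15T10:00:13 gw sshd[811]: Accepted password for backup from 203.0.113.7 port 40134 ssh2
2022-07-15T10:05:00 gw sshd[902]: Failed password for alice from 198.51.100.20 port 51000 ssh2
2022-07-15T10:05:20 gw sshd[902]: Failed password for alice from 198.51.100.20 port 51002 ssh2
2022-07-15T10:05:40 gw sshd[902]: Accepted password for alice from 198.51.100.20 port 51004 ssh2
"""

LINE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def find_guessing(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return {ip: {"users": set, "breached": list}} for bursts of failures."""
    recent = defaultdict(deque)  # ip -> (timestamp, user) failures inside the window
    flagged = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts = datetime.fromisoformat(m["ts"])
        ip, user = m["ip"], m["user"]
        if m["result"] == "Failed":
            q = recent[ip]
            q.append((ts, user))
            while ts - q[0][0] > window:  # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                entry = flagged.setdefault(ip, {"users": set(), "breached": []})
                entry["users"].update(u for _, u in q)
        elif ip in flagged:  # a success from a guessing source needs a password reset
            flagged[ip]["breached"].append(user)
    return flagged

if __name__ == "__main__":
    for ip, info in find_guessing(SAMPLE_LOG).items():
        print(ip, sorted(info["users"]), "succeeded as:", info["breached"])
```

Guessing that is spread out more slowly than the window will not trip this check, and a threshold set too low flags ordinary typos, so both values need tuning against your own logs.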
Why is it Hard to Stop Botnet Scams if Prevention is Easy?
There are many reasons why botnet scams are hard to stop entirely. One reason is the autonomous feature of many malware systems. Another reason is that botnets are undetectable for the endpoint user, so many people don’t know they are infected.
Conversely, some know they are infected but do not know how to fix the malware problem or would prefer not to deal with it. Since there is no actual cost or interruption in service or behavior of the IoT device, there is no incentive to fix the problem.
On the other side, manufacturers have little incentive to protect their devices from such attacks. Those previously affected companies receive assistance, but manufacturers don’t want to increase security for simple machines. It is not lucrative enough for them to proactively spend the time or resources necessary to protect the endpoint consumer or user.
Additionally, because the internet is global, there are difficulties when a bot-master from one country enacts attacks against companies and people in other countries. There is not a clear path to justice. There is no global defense against these attacks, so botmasters' punishments are hazy. This, in turn, encourages more foreign or VPN-based assaults.
Avoid Being Part of a Botnet Scam by Being Proactive, Protective, and Reactive
Botnet scams hurt many people all over the world every year. Even worse, many people won’t know they are compromised until it is too late. Luckily, there are simple steps that a person can take to prevent their devices from being used illegally.
Be proactive against botnet scams by knowing how they work; be protective of your devices by taking steps to help secure them; if your devices are compromised, take the next step and react to the threat by seeking professional assistance.