A botnet is a network of zombie computers infected with malware. The hackers’ aim in taking remote control of all these PCs is to carry out several illicit activities without the owners’ knowledge. Successful botnet dismantling operations reinforce the global fight against spam.
What hackers can do with a botnet
The hackers remotely control the botnet through a central server. Examples of the actions they can carry out include mass spamming, reading users’ personal data, executing and modifying programs, attacking a server, and so on. The hackers use the HTTP protocol to link all the infected computers together.
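As an added illustration, not taken from the original article, of what this centrally controlled, HTTP-based check-in looks like from the defender’s side: the script below scans constructed web-proxy log lines and flags internal hosts that contact one external server at near-constant intervals. The host names, addresses and log format are invented for the example.

```python
"""Flag periodic HTTP check-ins to a single external server in proxy logs."""
import re
import statistics
from collections import defaultdict
from datetime import datetime
# Constructed sample proxy lines (not a real capture). Assumed format:
# "<ISO timestamp> <client ip> <method> <url> <status>"
SAMPLE_LOG = """\
2024-05-01T10:00:07 10.0.0.5 POST http://c2.example.invalid/ping 200
2024-05-01T10:01:07 10.0.0.5 POST http://c2.example.invalid/ping 200
2024-05-01T10:02:07 10.0.0.5 POST http://c2.example.invalid/ping 200
2024-05-01T10:03:06 10.0.0.5 POST http://c2.example.invalid/ping 200
2024-05-01T10:04:08 10.0.0.5 POST http://c2.example.invalid/ping 200
2024-05-01T10:00:30 10.0.0.9 GET http://news.example.test/ 200
2024-05-01T10:05:12 10.0.0.9 GET http://news.example.test/sports 200
2024-05-01T10:31:40 10.0.0.9 GET http://news.example.test/weather 200
2024-05-01T10:40:01 10.0.0.9 GET http://news.example.test/ 200
2024-05-01T11:02:55 10.0.0.9 GET http://news.example.test/tech 200
"""
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) https?://([^/\s]+)\S* (\d{3})$")

def parse(log_text):
    """Group request timestamps by (client ip, destination host)."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # tolerate malformed lines instead of aborting the scan
        ts, client, _method, host, _status = m.groups()
        seen[(client, host)].append(datetime.fromisoformat(ts))
    return seen

def find_beacons(log_text, min_hits=5, max_jitter=0.2):
    """Return {(client, host): mean gap in seconds} where request spacing is
    near-constant (stdev/mean of the gaps <= max_jitter): human browsing is
    irregular, a bot's timed check-in to its central server is not."""
    flagged = {}
    for key, stamps in parse(log_text).items():
        if len(stamps) < min_hits:
            continue  # too few requests to judge periodicity
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        if mean > 0 and statistics.pstdev(gaps) / mean <= max_jitter:
            flagged[key] = mean
    return flagged
if __name__ == "__main__":
    for (client, host), gap in find_beacons(SAMPLE_LOG).items():
        print(f"{client} -> {host}: check-in every ~{gap:.0f}s")
```

On the sample data only 10.0.0.5 is flagged (a check-in roughly every 60 seconds); the browsing host 10.0.0.9 has the same number of requests but irregular spacing and is left alone.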
The Waledac botnet: out of service or not?
The Waledac botnet distributes almost 1.5 billion spam messages worldwide every day. Created in 2008, it managed to infect several hundred thousand PCs in just two years. According to an IT security company, this botnet specializes in sending out massive amounts of spam. Although Microsoft announced the decommissioning of the Waledac botnet during the first quarter of 2010, experts did not record any decrease in spam over that period.
Destruction of the Rustock botnet in 2011
Rustock was a botnet of nearly a million zombie computers. In its four years of existence, it generated around 47% of the world’s spam, i.e. several million spam messages sent to users every day. At the end of the first quarter of 2011, Microsoft announced its final demise. This freed users whose machines had been under Rustock’s control for several years.
Dismantling this malware network required an operation called “b107”. It brought together a number of entities, including academics, industry partners and the relevant authorities. Several investigations were carried out in various countries, including one conducted directly on the premises of 5 hosting companies located on American soil. Microsoft hoped that the seized hard drives would lead experts to a list of computers infected by the Rustock malware. Its disappearance reduced the number of spam messages recorded worldwide for some time.
Killing the Grum botnet in 2012
Towards the end of July 2012, a company specializing in IT security announced the destruction of the Grum botnet. This network of zombie PCs generated almost 18% of the world’s spam during its 4 years of existence. The hackers had set up their servers in 4 countries: Russia, the Netherlands, Ukraine and Panama. Several entities from these nations contributed to its dismantling.
The operation began by shutting down the Grum botnet’s command-and-control (C&C) servers based in the Netherlands. Although a few infected computers had already been cut off, the rest could only be stopped once the servers in Panama and Russia were neutralized. This vast operation paralyzed almost 80% of the Grum botnet network.