Botnets play a huge role in modern day large-scale DDOS attacks. They are the cornerstone to every successful attack. Why? It’s simple: in order for a DDOS attack to take down a website it has to deliver malicious traffic. A lot of it. You see, a distributed denial of service attack works by flooding an application or website with a number of requests; sometimes by sending different types of packets, sometimes with HTTP requests. The end result is either a slow, buggy website, or a website that’s not even online.
What Is A Botnet?
Botnets are infected hosts or computers that can be controlled by a hacker via a central server, called a C&C (command and control) server. Botnets are created through the spread of malware. Often times, attackers will create custom scripted botnets that are programmed to self-replicate — they continue to infect other machines through an automated process.
What Are Botnets Used For?
Botnets are used for many reasons. While we are focusing on how botnets are used to launch large-scale DDoS attacks, more times than not they are used to spread malware via spam.
Here’s a look at some of the ways botnets are used:
- Spamming
- Large-scale DDoS attacks
- Spreading malware
- Stealing personal information
- Click-jacking
- Bitcoin mining
Most of these areas have some overlap. For example, in order to build a botnet you need to infect other machines. This is done through malware, but spreading malware requires means you need to get it out into the world. Spam is used to send malicious links through email, and spam is also used to post malicious links across the web. Once a host is infected an attacker will use the control of others’ machines to profit.
Here are some of the ways attackers profit from botnets:
- Large-scale DDoS attacks – Whether through extortion or DDOS-for-hire, hackers will attempt to profit off of bringing websites down.
- Identity theft – Malware installed on your computer will siphon off personal data and “phone home” to the attacker, sending all of your personal details. Later, the attacker will fence this stolen information to other cyber criminals on the deep web.
- Click-jacking – Once an attacker has infected your computer, they will install malicious browser add-ons that will redirect users to sites where the attacker will make a profit as an affiliate. Other forms of this scam work by selling junk traffic to advertisers.
- Bitcoin mining – This one has been done, so I felt it was worth a mention, but the ZeroAccess botnet that was tied to this voluntarily suspended operations. The hashing difficulty has increased to the point the CPU mining isn’t profitable and more than likely exposed the attackers much more than they were comfortable with.
Notable Large-scale DDoS Attacks
Back to the matter at hand: DDOS. Large-scale DDoS attacks have made the headlines over the last few years due to the sophistication and size of the botnets that were used. What has caused large-scale DDOS attacks to become even more potent are poorly configured DNS servers — but that’s another story altogether.
Here are a few large-scale DDOS attacks that stole the headlines:
- Spamhaus attack – The largest recorded DDoS attack was launched against Spamhaus and reached 300 billion bits per second.
- Operation Abibal – The Izz ad-Din al-Qassam Cyber Fighters unleashed a series of large-scale DDoS attacks on banks over a video that was release on YouTube that insulted Muslims. Their response was Operation Abibal, a campaign aimed against American banking conglomerates.