From The Honeynet Project & Research Alliance’s “Know your Enemy: Tracking Botnets” (13 March 2005):
“A botnet is comparable to compulsory military service for windows boxes” – Stromberg
… Based on the data we captured, the possibilities to use botnets can be categorized as listed below. …
- Distributed Denial-of-Service Attacks
Most commonly implemented and also very often used are TCP SYN and UDP flood attacks. Script kiddies apparently consider DDoS an appropriate solution to every social problem. … run commercial DDoS attacks against competing corporations … DDoS attacks are not limited to web servers, virtually any service available on the Internet can be the target of such an attack. … very specific attacks, such as running exhausting search queries on bulletin boards or recursive HTTP-floods on the victim’s website.
open a SOCKS v4/v5 proxy … send massive amounts of bulk email … harvest email-addresses … phishing-mails
- Sniffing Traffic
use a packet sniffer to watch for interesting clear-text data passing by a compromised machine. … If a machine is compromised more than once and also a member of more than one botnet, the packet sniffing allows to gather the key information of the other botnet. Thus it is possible to “steal” another botnet.
- Spreading new malware
In most cases, botnets are used to spread new bots. … spreading an email virus using a botnet is a very nice idea
- Installing Advertisement Addons and Browser Helper Objects (BHOs)
setting up a fake website with some advertisements … these clicks can be “automated” so that instantly a few thousand bots click on the pop-ups. … hijacks the start-page of a compromised machine so that the “clicks” are executed each time the victim uses the browser.
- Google AdSense abuse
… leveraging his botnet to click on these advertisements in an automated fashion and thus artificially increments the click counter.
- Attacking IRC Chat Networks
attacks against Internet Relay Chat (IRC) networks. … so called “clone attack”: In this kind of attack, the controller orders each bot to connect a large number of clones to the victim IRC network.
- Manipulating online polls/games
Online polls/games are getting more and more attention and it is rather easy to manipulate them with botnets.
- Mass identity theft
Bogus emails (“phishing mails”) … also host multiple fake websites pretending to be Ebay, PayPal, or a bank …