
Talk:Botnet: Difference between revisions

From Wikipedia, the free encyclopedia

Revision as of 06:17, 9 April 2011

WikiProject Computing (C-class)
This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
This article has been rated as C-class on Wikipedia's content assessment scale.
This article has not yet received a rating on the project's importance scale.
WikiProject Internet (Start-class)
This article is within the scope of WikiProject Internet, a collaborative effort to improve the coverage of the Internet on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
This article has been rated as Start-class on Wikipedia's content assessment scale.
This article has not yet received a rating on the project's importance scale.

Missing from Article

There are some things missing from the article:

  • Evolution of botnets -- though many still use a central command and control, new P2P bots are coming up
  • Types/branches of bots, and most importantly,
  • A better treatment of mitigation strategies. I'm in touch with recent research on botnets; I'll edit this article in a week or so if I don't see any complaints --Railrulez 11:16, 22 July 2006 (UTC)

The botnet life cycle image is nice, but steps 4-5 as given are pretty unusual. Typically spammers ("sponsors") pay for access to bots, not to the botnet controller, and are supplied with proxies opened up on the individual bots. It is not usual for spammers to be given control of a botnet through the IRC control channel. Miscreant botherds often provide nice fancy web interfaces or special software that pulls down lists of available proxies to use for sending spam; e.g., send-safe.com. Lippard 19:54, 30 October 2005 (UTC)

There are legitimate uses for botnets, too. :-) --Cuervo 23:02, 3 Apr 2005 (UTC)

Expand, expound, elucidate, explain. --Baylink 01:34, 4 Apr 2005 (UTC)
Speaking within the context of IRC, I suppose the primary legitimate purpose for a botnet is redundancy. If a bot (or its server) becomes too lagged, or the machine it's running on becomes unstable, it's not going to do its channel maintenance duties very well. Having other bots around provides a bit of a failsafe, and linking them allows them to share userfiles, channel settings, etcetera. Even if it's not lagged, what if someone, by luck or malice, deops the bot first, in the first stages of a channel takeover? What if there's more than one rogue chanop?
Eggdrops also have built-in encryption capabilities (Blowfish has been a part of Eggdrop since the 1.0 series, but it's possible to write one's own modules) and a "party line" accessible to properly authenticated users over DCC CHAT or telnet, which, combined, basically gives people running Eggdrops the option for encrypted communications (there is a module called "wire" for just this purpose), though it should be noted there is currently no functionality in the mainstream Eggdrop source for encrypted connections to the bot itself. There's also built-in note functionality, which allows you to leave notes for users on other bots, even those you may not have access to.
This is just the built-in stuff. With the Tcl hooks, you can write a script to do pretty much anything you want across the botnet. Here's a good example: say you have two bots running, opped, in a channel. One gets banned. The banned bot can request the other unban it across the botnet.
I myself run a small botnet for one of the channels I run on EFNet, and it doesn't do anything evil; most of the time, it just sits there. Sometimes the cool kids show up on the party line.
My arguments here are a bit disorganized; I'll clean them up after coffee. :-) I suppose what my opinion comes down to is that there are botnets created by worms and crackers, and botnets created by users with no ill intent, and I believe that there should be a distinction between the two.
--Cuervo 19:11, 4 Apr 2005 (UTC)

Confusion of bots with IRC "bots"

Parts of the introduction and "preventative measures" section seem to confuse IRC bots with infected machines that are part of a botnet. IRC bots are programs that listen and talk on an IRC channel; for example, a quiz bot might pose questions, and then answer "correct"/"incorrect" based on answers given by people talking in that channel. Botnet "bots" are infected computers under remote control, generally by criminal organizations and often to send spam. This confusion may have arisen because some botnets are, in fact, controlled through the IRC chat infrastructure.

If I have time I'll come back and fix this.

--User:dcposch:dcposch


Rogue botnets run on Microsoft OSes

The average person reading this article will not realize that, while most non-rogue irc networks run on non-Microsoft OSes, most rogue botnets run on compromised machines running Microsoft OSes. The popular press generally does not make this type of thing clear to readers. Hence many lay persons incorrectly believe that it is the nature of all computer systems, not just primarily those running Microsoft OSes, to crash frequently and to be prone to viruses.

Without abandoning a neutral point of view, the botnet article should make it clear to the reader that rogue botnets exist almost exclusively on Microsoft OSes.

Rahul

What you say is true, but it doesn't necessarily have any significance. If 95% of home PCs run Windows, that's bound to be the natural target of criminal botnets as home PCs are the least defended computers in the world. If 95% ran Mac OS, you'd see a shift to Mac OS-based botnets. The same would be true of Linux or any other OS. —The preceding unsigned comment was added by 212.146.47.250 (talk) 20:54, 2 May 2007 (UTC).
This reasoning is blatantly fallacious. Microsoft Windows is uniquely vulnerable due to the inherent architecture or lack thereof, allowing rogue code to execute at the highest privilege level by default (until Vista); Unix-based OSes specifically disallow this by default. The plethora of buffer overflow vulnerabilities is also directly caused by Microsoft compiler architecture. Rahul's comment is valid; article is misleading in not mentioning this.
- DavidTangye (talk) 00:56, 8 February 2008 (UTC) I agree completely. It is a massive global problem with computers, that most people have no idea about software internals, and so fail to understand that viruses on Windows are NOT caused by its market dominance, but by technical architectural issues within the product. This article in Wikipedia, and several related articles, all fail totally to mention this, and thus, are by omission, allowing an incorrect belief to propagate. If Wikipedia wants to be truly neutral, and let truth be known, get more technically savvy people as editor/censors. At the very least don't let people who have little understanding of a subject delete information about it. As it is, by deleting the info I put in (twice now), you appear to be apologists of Microsoft. You do not appear to be neutral at all. Before you delete any new information, you should satisfy yourself that the new information is incorrect. Else you are just supporting whatever the status-quo is, whether it is correct or not. You need to rethink and change your entire way of thinking over the issue of update reversion.
It blatantly is MS's market dominance that means so many attacks are made against it. Any technical shortcomings in Windows just make it easier. There are OSs around with security holes that could easily be exploited but aren't simply because they have hardly any users. If all currently known botnets are Windows only then that's worth mentioning (I'm not changing it because I don't know), but it shouldn't give the impression that users of any other OS will be safe for ever. I'm certainly not a Microsoft apologist, but there's valid criticism and then there's some that's verging on FUD. -Riedquat (talk) 14:08, 16 March 2008 (UTC)
Market dominance it is. Even Steve Jobs has his head up his ass about this. In response to the Apple vs PC commercials, there was a page[1] that revealed 1 Apple vulnerability per day. Here[2] is a blog entry as well. Blogs are not sufficient sources, but the blog provides its own sources that you can follow on your own. It doesn't take a math genius to know that statistically it would be harder for a worm to find an Apple on the Internet than a PC, being so much more rare. 69.119.13.218 (talk) 17:09, 11 June 2008 (UTC)
On this talk page, it is not relevant whether the reason is the MS OS's architectural weaknesses or its market dominance (or both). The fact is that there is no citation supporting the statement and it therefore does not belong in the article until a reliable source is found. I should delete it myself but since someone has already added it twice now, and I don't want to start an edit war, I will not. However, WP:Verifiability states that the burden of evidence lies with the editor who added the information, not the editor who believes the information is incorrect. Hence, until a citation is provided, I request the editor who posted it remove it themselves. Phlyght (talk) 17:57, 15 September 2008 (UTC)

Possible cleanup in "Lifecycle section"

This article probably needs cleanup in the Lifecycle section. I doubt that a bulleted list will suffice for an encyclopedia entry. Any ideas? --Bsdlogical 00:43, 22 September 2006 (UTC)

The same goes for the Purpose section. I think it needs an overhaul. --Bsdlogical 00:49, 22 September 2006 (UTC)
I agree with you. Seeing as nothing has happened with it for 4 years and the list really isn't even accurate, I'm removing the whole section. 98.204.204.199 (talk) 00:09, 8 January 2011 (UTC)

http://swatit.org/bots/gallery.html has outdated Certificates, and an invalid contact address for their "free" download. Considering the subject, possibly this should be removed.

198.53.106.189 19:40, 11 January 2007 (UTC)


The picture is retarded

Anybody else think the picture is really dumb and should be removed? Oddity- 03:42, 23 April 2007 (UTC)

Why would you use a term like 'retarded' to describe something you don't like? It's highly insensitive to do so - like people using the word 'gay' for something they consider useless. Personally, I think the picture is a little immature, but it does help to explain the concept of a Botnet to a non-technical person, so believe it should stay.

DavidTangye (talk) 01:12, 8 February 2008 (UTC) To the above comment. What is your problem?
- If it's highly insensitive, get over it. Highly insensitive to what? This is public property. He is describing a picture, not the original contributor of the picture, whoever that might be. You seem to assume he is having a go at the original contributor.
- 'Retarded' is a common term used by mainly young people around here, including one of my daughters, who is well spoken generally, and not immature for her age. I think it's a funny term to use actually, so lighten up.
- In other parts of the world, it might be taken differently. So do you suggest we all go back to a common language and idiom-set, e.g. King's English 1850, so we don't risk offending anyone? You are wasting your time here. Go be a diplomat. They spend whole careers having meetings to try to not offend anyone. Nothing gets done, but everyone has a good time talking, while the wars go on, and the planet burns. But that's OK, because no-one 'of consequence' is offended.

Oh, and now to the issue. To Oddity: I think that the diagram is reasonably good. But the real point is, if you don't like something, DO better. Put up an alternative picture. Stop removing stuff, unless you put up something in its place that addresses whatever is "behind" you have removed.

First of all, guys, if you have an issue with his comment, put it on his discussion page, not here, this is about the article. I came here to see what discussion is already in place about the picture. I also think it's silly, but effective. My only problem is that it explicitly implies that all spambots run Windows. This can be in violation of Wikipedia's NPOV policies, and also must be sourced. Just because it's not text, doesn't mean such a thing can go without a source. I'll be thinking of alternatives here. 69.119.13.218 (talk) 16:59, 11 June 2008 (UTC)

Yep the picture is definitely retarded, in fact I find it more confusing than helpful. An illustration is supposed to help people easily understand a process. The standard end-user with no real knowledge of the process would not appreciate the pic. Freeky nerd (talk) 15:18, 8 September 2008 (UTC)

OK I just made a new picture, hope it's less retarded :-) Tom-b (talk) 03:39, 26 January 2010 (UTC)

Not sure if I'm seeing the new picture or not .. but what's there is still (obviously?) unfit for an "encyclopedia" .. On the use of the word "retarded" .. this is the discussion page, so it's to be expected, but it *is* offensive to the many people who know/love people who are mentally retarded. Better word choice would help whoever started this section achieve their goal of removing the picture. —Preceding unsigned comment added by 70.225.168.239 (talk) 05:35, 10 January 2011 (UTC)

Though the picture isn't in the general spirit of an encyclopedia, it is tasteful, well drawn, and clearly illustrates the idea. There are worse things to be given attention, in my opinion. — Preceding unsigned comment added by Katovatzschyn (talk • contribs) 23:27, 11 February 2011 (UTC)

Bot herder?

Where does this term "bot herder" come from? I have never heard it in the professional IT space nor in the groups who actually set up botnets. Everyone I've ever known calls them "botnet controllers". The term "botnet herder" isn't even referenced in any of the supporting sources. 131.128.96.48 19:31, 10 August 2007 (UTC)

The bot herder is the *person* running the botnet, not the botnet controller. I've heard the term. Lippard 02:54, 28 September 2007 (UTC)

The botnet herder is the botnet controller. Herding is the act of bringing animals together in a group, maintaining and moving the group from place to place hence the name botnet herder. Herder, Controller, different words same meaning (in this context). Freeky nerd (talk) 15:26, 8 September 2008 (UTC)

this is not the best definition of botnet

You can log IRC bots onto multiple servers and have them /msg each other to coordinate cross-server functionality.. that's also a botnet. They can get pretty complex- you can span hundreds of servers in a massive network of bots --ffroth 21:06, 6 December 2007 (UTC)

Actually it's a good definition of a botnet, but you're right, it is not the only meaning of botnet. botnet (made of eggdrops for example) is known by IRCers, I guess that makes less people than the large public that hears about the zombie stuff. Anyway, as newest (zombie) botnets don't use IRC anymore, I suppose this article will need a rewriting. -- skiidoo (talk) 01:19, 7 December 2007 (UTC)

Tone Issue

The 3rd paragraph ends with the sentence: "Exploitation of this method of using a bot to host other bots has proliferated only recently, as most script kiddies do not have the knowledge to take advantage of it." This needs to be rewritten to reference the term Script Kiddies differently. The way it appears here, it has a condescending tone that one might use when speaking informally to another person about a particular topic. I understand the term is part of the hacker culture, and intended to sound that way, but I am not sure if it fits on Wikipedia. It sounds like an offhand comment. Does anyone else agree? --Johnsm2 (talk) 22:51, 30 January 2008 (UTC)

Struck me as seeming to be a bit too much opinion and not fact.--97.65.201.94 (talk) 22:46, 20 January 2010 (UTC)

Merge

the article Dosnet into this one... 83.76.1.233 (talk) 22:42, 24 July 2008 (UTC)

I agree the articles should be merged. Freeky nerd (talk) 15:28, 8 September 2008 (UTC)

Prevention

Maybe it should be noted that since the primary purpose of malicious botnets appears to be the sending of spam, the best way to neutralize botnets is to educate people on how to prevent spam, which is not hard to do on an individual basis (e.g.: you can virtually completely eliminate it using Outlook Express rules plus your own domain name), as well as improving the extremely poor spam-identification algorithms currently used by ISPs. —Preceding unsigned comment added by 71.154.253.96 (talk) 15:33, 30 September 2009 (UTC)

Listing Zeus as a "Botnet"

I see that Zeus is listed on the "Historical list of botnets" on this page as a botnet containing 3.6 million computers. It should be noted that Zeus was malware-for-sale--users could buy binary files from the creator with their own command-and-control domains specified for 3000-ish US dollars and use them for their own purposes, and then spread the files themselves. Zeus was not run by any one specific botmaster, like the major spambot networks are. While 3.6 million computers may have been infected with Zeus malware, Zeus itself was not really a "botnet" of 3.6 mil since most of those zombies reported to completely separate masters. Given that information I'd dispute the inclusion of Zeus under "historic botnets" on this page. 99.99.166.46 (talk) 06:17, 9 April 2011 (UTC)